Writing.io Jobs

Find the best remote jobs. Answer a few questions and we'll deploy a powerful assistant to help you search, create alerts, and more.

1 What roles are you open to?

2 Experience level

3 Work style

Did you know? If memory is enabled, Writing.io can remember your job search preferences and help you to improve your resume, craft customized outreach and more.

Security Senior Cloud Security Engineer - AI Resilience & Security Enhancements (Contract) at Form3

Senior Cloud Security Engineer designs and implements security controls, governance frameworks, and resilience improvements across cloud-native payment infrastructure.

Senior Posted 1 day ago RemoteFirstJobs Product
What this role involves

THE PROJECT 📝

We’re looking for an experienced Senior Cloud Security Engineer to join Form3 on a contract basis to deliver a strategic programme of security enhancements across our cloud-native payments platform.

Focusing on improving cloud security, operational resilience and governance across our engineering ecosystem, you will work closely with our Platform Engineering and Security teams to design and implement practical security improvements that enhance how we build, deploy and operate critical payment infrastructure.

You’ll play a key role in strengthening areas such as cloud platform security, software supply chain security, identity and access management, AI governance, cryptographic controls and automated security assurance, ensuring solutions are scalable, production-ready and aligned with regulatory expectations.

Key responsibilities

  • Assess the current cloud security posture across Form3 environments, identifying risks, control gaps and opportunities for improvement.
  • Design and implement scalable cloud security controls that improve the resilience and security of our cloud-native platform.
  • Enhance perimeter security controls across cloud infrastructure.
  • Strengthen CI/CD pipeline security through secure build processes, automated security testing, deployment governance and artefact integrity.
  • Improve production access security, including RBAC, least-privilege implementation, deployment tooling and operational processes.
  • Enhance software supply chain security through dependency management, container image scanning, provenance, signing and vulnerability remediation.
  • Contribute to the secure adoption and governance of AI-enabled engineering capabilities, including controls for data protection, auditability and operational resilience.
  • Provide technical leadership and guidance on cloud security architecture and secure engineering practices.
  • Produce high-quality technical documentation, including solution designs, implementation plans, operational procedures and security evidence.
  • Collaborate closely with engineering, platform and security teams to deliver maintainable, production-ready security improvements.
  • Ensure all deliverables align with operational resilience requirements, regulatory obligations and internal security standards.
  • Deliver changes using structured, low-risk change management practices while maintaining service availability.

WE’RE LOOKING FOR 🔍

Essential

  • Extensive experience designing and implementing cloud security solutions within large-scale cloud-native environments.
  • Strong hands-on experience securing public cloud platforms (AWS preferred).
  • Expertise in cloud security architecture, identity and access management, workload protection and infrastructure security.
  • Experience securing CI/CD pipelines and modern software delivery practices.
  • Strong understanding of software supply chain security, including dependency management, artefact signing, provenance and vulnerability management.
  • Experience implementing least-privilege access models and RBAC.
  • Knowledge of security monitoring, risk assessment and security governance.
  • Experience working within highly regulated or business-critical production environments.
  • Excellent stakeholder management and communication skills, with the ability to influence engineering teams.
  • Strong technical documentation and design skills.

Desirable

  • Experience implementing security controls for AI or machine learning platforms.
  • Knowledge of cryptographic controls and key management.
  • Experience with Infrastructure as Code and policy-as-code tooling.
  • Familiarity with payment platforms or financial services environments.
  • Understanding of operational resilience frameworks and regulatory requirements affecting critical financial infrastructure.
  • Relevant cloud or security certifications (AWS Security Specialty, CISSP, CCSP or similar).

TECH STACK ⚙️

  • AWS – Cloud infrastructure and security controls.
  • Kubernetes – Container orchestration and workload security.
  • Terraform – Infrastructure as Code and security automation.
  • CI/CD tooling – Secure software delivery, build security and deployment governance.
  • Container security tooling – Image scanning, vulnerability management and runtime protection.
  • Identity & Access Management (IAM) – Least privilege, RBAC and privileged access controls.
  • Software Supply Chain Security – Dependency scanning, artefact signing, provenance and integrity controls.
  • Security monitoring & observability platforms – Detection, auditability and operational visibility.
  • AI governance and security controls – Supporting secure adoption of AI-enabled engineering capabilities.

INTERVIEW PROCESS ✍️

Stage 1: Screening Call with Talent Team

Stage 2: Kubernetes & Linux Interview

Stage 3: Cloud Security & Engineering Best Practices interview

We always aim to stick to the above process, however there may be occasions when an additional interview stage is needed for us to be sure we’re hiring the right fit for the role.

HIRING LOCATIONS📍

Here are the locations that we are looking to engage with contractors from. Please note, we are not looking to engage with contractors outside of these locations.

  • Austria
  • Bulgaria
  • Croatia
  • Cyprus
  • Estonia
  • Greece
  • Hungary
  • Italy
  • Latvia
  • Lithuania
  • Malta
  • Romania
  • Slovakia
  • Slovenia

All contractors start their first day in our office to collect the equipment needed to work remotely.

ABOUT FORM3 💭

Revolutionising the world of payments with our cloud-native, multi-cloud platform. For more information about Form3, check out the following pages:

What we do | Life at Form3 | Payments Cannot Fail Series | .Tech Podcast

OUR DEI&B COMMITMENT

We hire talented people from a variety of backgrounds and experiences and are committed to a work environment based on diversity, open-mindedness and curiosity. We’re united by our company values (we even created them together!) and we celebrate our unique differences.

Our employee lifecycle processes are designed to embrace equal opportunity and prevent discrimination against our people regardless of personal characteristics. It is our strong belief that the more inclusive and belonging we are as a business, the better our work will be.

As an inclusive employer, we guarantee to interview all neurodiverse and physically disabled applicants who meet the minimum criteria for this role. We also encourage candidates to notify us of any reasonable adjustments that may be required during the recruitment process. This includes providing job adverts in alternative, accessible formats or adjustments required at interview stage.

If you consider yourself to be neurodiverse or physically disabled under the UN definition of disability and would like to be considered under this scheme and/or require any reasonable adjustments please let us know by sending an email to careers@form3.tech clearly stating your consent for us to process this data.

For more information please refer to our Recruitment Data Policy.

Read the full description
Security Senior Application Security Engineer at Google Fiber

Senior Application Security Engineer secures applications and development ecosystems by managing defenses, architecting CI/CD security controls, and governing AI integrations within the SDLC.

Senior Remote Posted 1 day ago RemoteFirstJobs Product
What this role involves

At GFiber, we believe that great internet has the power to drive innovation, strengthen communities, enable the impossible, and do all the everyday things that make all of our world go round. And the job of creating better internet is never done - so we’re growing! Our team is committed to building a place where people who want to make a difference can grow their careers and find their spot to belong.

GFiber is an Alphabet company that brings Google Fiber and Google Fiber Webpass internet services to homes and businesses across the United States. Our teams are expanding as we connect more cities and people to exceptional internet.

The application window will be open until at least July 19th, 2026. This opportunity will remain online based on business needs which may be before or after the specified date.

This role is not eligible for immigration sponsorship.

Role Description

As a Senior Application Security Engineer, you will be a core technical advisor for securing GFiber’s applications and development ecosystems. You will partner closely with engineering teams to review code, secure software delivery pipelines, and design frameworks that make writing secure code the path of least resistance. You will lead initiatives ranging from managing threat detection boundaries to establishing cutting-edge AI integrations within our development lifecycle. This is a highly collaborative role where you will influence engineering practices, champion security culture across teams, and occasionally share strategic insights with senior leadership.

In this role, you’ll:

  • Manage and optimize core application defenses, including the Web Application Firewall (WAF) and automated vulnerability scanning tools, while monitoring key security metrics.
  • Architect and maintain security gating processes within the CI/CD pipeline to ensure secure, seamless software delivery.
  • Govern and secure our growing AI pipeline within the SDLC by implementing input/output monitoring, context controls, and safety guardrails around AI-generated code.
  • Partner with development teams to remediate vulnerabilities, scale the security champions program, and co-lead our public bug bounty initiative.
  • Mentor junior engineers and analysts, and occasionally present security postures, trends, and program milestones to upper management.

At a minimum, we would like you to have:

  • Bachelor’s degree in Computer Science, a related technical field, or equivalent practical experience.
  • 5 years of experience with managing Web Application Firewalls (WAF) and integrating automated security gating into CI/CD pipelines.
  • Experience with vulnerability management and cloud-hosted application security scanning tools.
  • Experience collaborating directly with software development teams on threat mitigation.
  • Experience with scripting or programming languages (i.e., Python, Java, Kotlin) to automate security processes.

It’s preferred if you have:

  • Experience implementing security guardrails, context controls, or monitoring for Large Language Models (LLMs) and AI-assisted development tools.
  • Experience leading or growing a security champions program or a bug bounty platform.
  • Experience mentoring junior security professionals or teaching secure coding practices to engineering teams.
  • Experience analyzing technical security risks and presenting metrics or findings to upper management.
  • Knowledge of ISP infrastructure, web-scale networks, or cloud environments (e.g., GCP, AWS).

The US base salary range for this full-time position is between $156,900 - $229,700 + bonus + benefits. As pay varies by location, your recruiter will share more about the specific salary range for your targeted location during the hiring process.

#LI-DNI

GFiber is committed to equal opportunity employment regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, gender identity, age, citizenship, marital status, disability or Veteran status. Disclosure is voluntary, and this information will be kept confidential in compliance with Google’s Candidate Privacy Policy. For more information please refer to our Equal Employment Opportunity Policy and the EEOC’s “Know your rights: workplace discrimination is illegal” (PDF).

It’s important to us to create an accessible, inclusive workplace for everyone. If you have a need that requires accommodation, please let us know by completing ouraccommodations for applicants form. Our candidate accommodations team will then connect with you to confidentially discuss your options.

Read the full description
Security Sr. Security Engineer at Brave

Conducts security reviews, penetration testing, triages security reports, and implements security-relevant code across Brave's browser and search products.

Senior Remote Posted 1 day ago RemoteFirstJobs Product
What this role involves

Senior Security Engineer

Remote

About Brave

Brave is on a mission to protect the human right to privacy online. We’ve built a free web browser that blocks creepy third-party ads and trackers by default, a private search engine with a truly independent index, a browser-native crypto wallet, and a private ad network (opt-in!) that directly rewards you for your attention. And we’re just getting started. Already 110+ million people have switched to Brave for a faster, more private web. Millions more switch every month.

The internet is a sea of privacy-harmful ads, hackers, and echo chambers. Big Tech makes huge profits off our data, and tells us what’s true and what’s not. Brave is fighting back. Join us!

Summary

We are hiring a staff engineer on the Brave security and privacy team! You will help keep our users safe across Brave’s products, including Brave browser and Brave Search. Responsibilities include:

  1. Security reviews of Brave products
  2. Triaging and fixing security reports
  3. Designing and implementing security-relevant code
  4. Penetration tests of Brave products and infrastructure

Brave is widely-recognized as one of the best browsers for security and privacy, doing industry-leading work with a team that’s a fraction of the size of Big Tech-supported browsers.

Required qualifications

  • At least 5 years experience (or equivalent) in security engineering
  • Experience in penetration testing and/or security auditing
  • Proficiency in C++, both implementing and reviewing
  • Strong familiarity with the Web security model
  • Experience securing AWS infrastructure
  • Very comfortable working and communicating async with a geographically-distributed software development team
  • Be comfortable diving into an extremely large, unfamiliar and complex codebase
  • Be comfortable with Git and collaborating on GitHub

Preferred qualifications

  • Experience contributing to large open source codebases and/or participating in open source communities
  • Proficiency in Web technologies (HTML, CSS, JavaScript)
  • Proficiency in Go and Rust
  • DevOps experience
  • Contributions to other Web browsers
  • Familiarity with Chromium’s architecture, especially security
  • Ability to write clear technical documentation and less technical writing for blog posts or public communication.
  • Be excited about privacy, anonymity, and censorship resistance!
Read the full description
Security Senior Cloud Security Engineer - AI Resilience & Security Enhancements (Contract) at Form3

Design and implement cloud security controls, strengthen CI/CD pipeline security, manage identity/access, and ensure AI governance across a cloud-native payments platform.

Senior Posted 1 day ago RemoteFirstJobs Product
What this role involves

THE PROJECT 📝

We’re looking for an experienced Senior Cloud Security Engineer to join Form3 on a contract basis to deliver a strategic programme of security enhancements across our cloud-native payments platform.

Focusing on improving cloud security, operational resilience and governance across our engineering ecosystem, you will work closely with our Platform Engineering and Security teams to design and implement practical security improvements that enhance how we build, deploy and operate critical payment infrastructure.

You’ll play a key role in strengthening areas such as cloud platform security, software supply chain security, identity and access management, AI governance, cryptographic controls and automated security assurance, ensuring solutions are scalable, production-ready and aligned with regulatory expectations.

Key responsibilities

  • Assess the current cloud security posture across Form3 environments, identifying risks, control gaps and opportunities for improvement.
  • Design and implement scalable cloud security controls that improve the resilience and security of our cloud-native platform.
  • Enhance perimeter security controls across cloud infrastructure.
  • Strengthen CI/CD pipeline security through secure build processes, automated security testing, deployment governance and artefact integrity.
  • Improve production access security, including RBAC, least-privilege implementation, deployment tooling and operational processes.
  • Enhance software supply chain security through dependency management, container image scanning, provenance, signing and vulnerability remediation.
  • Contribute to the secure adoption and governance of AI-enabled engineering capabilities, including controls for data protection, auditability and operational resilience.
  • Provide technical leadership and guidance on cloud security architecture and secure engineering practices.
  • Produce high-quality technical documentation, including solution designs, implementation plans, operational procedures and security evidence.
  • Collaborate closely with engineering, platform and security teams to deliver maintainable, production-ready security improvements.
  • Ensure all deliverables align with operational resilience requirements, regulatory obligations and internal security standards.
  • Deliver changes using structured, low-risk change management practices while maintaining service availability.

WE’RE LOOKING FOR 🔍

Essential

  • Extensive experience designing and implementing cloud security solutions within large-scale cloud-native environments.
  • Strong hands-on experience securing public cloud platforms (AWS preferred).
  • Expertise in cloud security architecture, identity and access management, workload protection and infrastructure security.
  • Experience securing CI/CD pipelines and modern software delivery practices.
  • Strong understanding of software supply chain security, including dependency management, artefact signing, provenance and vulnerability management.
  • Experience implementing least-privilege access models and RBAC.
  • Knowledge of security monitoring, risk assessment and security governance.
  • Experience working within highly regulated or business-critical production environments.
  • Excellent stakeholder management and communication skills, with the ability to influence engineering teams.
  • Strong technical documentation and design skills.

Desirable

  • Experience implementing security controls for AI or machine learning platforms.
  • Knowledge of cryptographic controls and key management.
  • Experience with Infrastructure as Code and policy-as-code tooling.
  • Familiarity with payment platforms or financial services environments.
  • Understanding of operational resilience frameworks and regulatory requirements affecting critical financial infrastructure.
  • Relevant cloud or security certifications (AWS Security Specialty, CISSP, CCSP or similar).

TECH STACK ⚙️

  • AWS – Cloud infrastructure and security controls.
  • Kubernetes – Container orchestration and workload security.
  • Terraform – Infrastructure as Code and security automation.
  • CI/CD tooling – Secure software delivery, build security and deployment governance.
  • Container security tooling – Image scanning, vulnerability management and runtime protection.
  • Identity & Access Management (IAM) – Least privilege, RBAC and privileged access controls.
  • Software Supply Chain Security – Dependency scanning, artefact signing, provenance and integrity controls.
  • Security monitoring & observability platforms – Detection, auditability and operational visibility.
  • AI governance and security controls – Supporting secure adoption of AI-enabled engineering capabilities.

INTERVIEW PROCESS ✍️

Stage 1: Screening Call with Talent Team

Stage 2: Kubernetes & Linux Interview

Stage 3: Cloud Security & Engineering Best Practices interview

We always aim to stick to the above process, however there may be occasions when an additional interview stage is needed for us to be sure we’re hiring the right fit for the role.

HIRING LOCATIONS📍

Here are the locations that we are looking to engage with contractors from. Please note, we are not looking to engage with contractors outside of these locations.

  • Austria
  • Bulgaria
  • Croatia
  • Cyprus
  • Estonia
  • Greece
  • Hungary
  • Italy
  • Latvia
  • Lithuania
  • Malta
  • Romania
  • Slovakia
  • Slovenia

All contractors start their first day in our office to collect the equipment needed to work remotely.

ABOUT FORM3 💭

Revolutionising the world of payments with our cloud-native, multi-cloud platform. For more information about Form3, check out the following pages:

What we do | Life at Form3 | Payments Cannot Fail Series | .Tech Podcast

OUR DEI&B COMMITMENT

We hire talented people from a variety of backgrounds and experiences and are committed to a work environment based on diversity, open-mindedness and curiosity. We’re united by our company values (we even created them together!) and we celebrate our unique differences.

Our employee lifecycle processes are designed to embrace equal opportunity and prevent discrimination against our people regardless of personal characteristics. It is our strong belief that the more inclusive and belonging we are as a business, the better our work will be.

As an inclusive employer, we guarantee to interview all neurodiverse and physically disabled applicants who meet the minimum criteria for this role. We also encourage candidates to notify us of any reasonable adjustments that may be required during the recruitment process. This includes providing job adverts in alternative, accessible formats or adjustments required at interview stage.

If you consider yourself to be neurodiverse or physically disabled under the UN definition of disability and would like to be considered under this scheme and/or require any reasonable adjustments please let us know by sending an email to careers@form3.tech clearly stating your consent for us to process this data.

For more information please refer to our Recruitment Data Policy.

Read the full description
Security EB IT-Dienstleistungen: IT-Security Manager BCM (m/w/d)

Develops and manages business continuity and information security management systems for a municipal government, ensuring operational resilience of critical business processes.

Senior Hybrid Posted 1 day ago We Work Remotely — Programming
What this role involves

Headquarters: Dresden, SACHSEN, 01069, Germany
URL: http://dresden.de

Wir sind ein Eigenbetrieb innerhalb der Stadtverwaltung Dresden mit einer komplexen IT- und Geschäftsprozesslandschaft. Zur Sicherstellung der Betriebsfähigkeit unserer kritischen Geschäftsprozesse suchen wir zum nächstmöglichen Zeitpunkt eine engagierte Persönlichkeit als # ***IT-Security Manager BCM (w/m/d)*** **Chiffre:                         EB17 04/2026** **Arbeitszeit:                 Vollzeit, 39 Wochenarbeitsstunden, unbefristet                  ** **Entgeltgruppe:           EG 10** ## Was wir bieten - ein attraktives, unbefristetes Anstellungsverhältnis mit einem interessanten und anspruchsvollen Aufgabengebiet - flexible Arbeitszeiten mit Home-Office-Option und eine familienfreundliche Ausrichtung - tarifliches Entgelt plus Jahressonderzahlung - 30 Tage Erholungsurlaub bei einer 5-Tage-Woche im Kalenderjahr - geringe bis keine Reisetätigkeit - umfangreiche Qualifizierungsangebote - zahlreiche Arbeitgeberleistungen (z. B. Jobticket, Jobradleasing, Gesundheitsleistungen, Altersvorsorge) - Möglichkeit des Bildungsurlaubs - eine strukturierte Einarbeitung sowie eine positive Arbeitsatmosphäre mit hilfsbereiten Kolleg\*innen ## Das erwartet Sie  **1.       Konzeption, Aufbau und kontinuierliche Weiterentwicklung der Managementsysteme zur Sicherstellung der Informationssicherheit und Compliance der LHD** - Konzeption, Aufbau, Betrieb und kontinuierliche Weiterentwicklung eines Business-Continuity-Management-Systems (BCMS) gemäß BSI-Standard 200-4 BCM - Identifikation und Bewertung von Risiken für Geschäftsprozesse und IT-Systeme - Durchführung von Business Impact Analysen (BIA) für kritische Geschäftsprozesse - Entwicklung und Pflege von Notfall- und Wiederanlaufplänen - Zusammenarbeit mit der ISMS-Sicherheitsorganisation der LHD - Mitwirkung bei der Durchführung von Risikoanalysen (Risikomanagement) - Erstellung und Aktualisierung von organisatorischen Regelungen, insbesondere Informationssicherheitsrichtlinien - Analyse und Dokumentation von Sicherheitsvorfällen (Detailanalyse komplexer, komponenten- und systemübergreifender, technischer Fehler Zustände, sowie die Ableitung von notwendigen Maßnahmen) - Mitwirkung bei der Konzeption, Erarbeitung und Durchführung von Sensibilisierungs- und Schulungsmaßnahmen zum Thema Informationssicherheit - Monitoring: Funktions- und Performanceüberwachung und Optimierung - Entwicklung und Erhebung von Kennzahlen / Key Performance Indicators (KPI) - Dokumentation der eingeführten IT-Sicherheits-Infrastruktur - Gemeinsame Erstellung und Pflege von Betriebs-, Einsatz- und Umstellungs-Handbüchern/Konzepten und Regelungen zum Einsatz der Systeme **2.     Mitarbeit in und Leitung von Projekten bei der Konzeption und Implementierung technischen und organisatorischen Maßnahmen in Bezug auf die Informationssicherheit** - Erstellung, Kontrolle und Weiterentwicklung von (verfahrensspezifischen) Informationssicherheitskonzepten - Mitwirkung an der Erstellung von Projektvereinbarungen, Vorhabenanmeldungen und anderer Dokumente zur Unterstützung interner Betriebsabläufen **3.       Mitwirkung bei Konzeption, Aufbau und Einrichtung von IT-Sicherheitssystemen (technisch/administrativ)** - Bereitstellung, Implementation (Installation und Konfiguration), Weiterentwicklung, Administration und Monitoring **4.        Systembetreuung IT-Sicherheitssysteme** - Softwarepflege/-wartung einschließlich Vertrag-/Lizensierungsregelungen - Sicherstellung laufender Betrieb, operative Aufgaben - Konfigurationsmanagement, Customizing (Anpassung/Parametrierung) - Unterstützung Helpdesk, Second-Level-Support, Ticketbearbeitung ** ** ## Das bringen Sie mit -  Diplom (FH), Bachelor (FH und Uni), Fachwirt (VWA, BA) auf dem Gebiet der Informatik, Wirtschaftsinformatik, IT-Forensik, IT-Sicherheit, Cyber Security oder vergleichbares Gebiet Sie sollten darüber hinaus - Neben den Erfahrungen und Kenntnissen im Fachbereich Informatik auch über ein - großes Interesse für und Sensibilität gegenüber dem Bereich IT-/Cyber-/Informations-Sicherheit verfügen - Berufserfahrung in den Gebieten Informationssicherheit wäre wünschenswert - gute Kenntnisse von ITK-Technologien und -Infrastrukturen besitzen - selbständig und gewissenhaft arbeiten, konzeptionell und analytisch denken können - kommunikationsfähig, sowie teamfähig sein und kundenorientiert arbeiten, sowie die Bereitschaft zur laufenden Fortbildung mitbringen - Einblicke in das Verwaltungsrecht sind von Vorteil - Bereitschaft zur Sicherheitsüberprüfung nach Sicherheitsüberprüfungsgesetz (SÜG) **Haben wir Ihren Nerv getroffen?** Wünschen Sie sich eine umfangreiche Einarbeitung in spannende Themen und ein gutes Team, welches Sie immer unterstützt? Dann erfüllen wir womöglich ihre Anforderungen und Sie unsere? …und freuen uns sehr auf Ihre Bewerbung. Bewerben Sie sich mit Ihren vollständigen Unterlagen über unser Online-Bewerberportal. Aus Sicherheitsgründen können nur Anhänge im PDF-Format angenommen werden. Bis zum Abschluss des Auswahlverfahrens werden Ihre personenbezogenen Daten unter Beachtung der EU-Datenschutzgrundverordnung (EU-DSGVO), des Sächsischen Datenschutzgesetzes (SächsDSG) und des Sächsischen Datenschutzdurchführungsgesetzes (SächsDSDG) in maschinenlesbarer Form im Personalmanagementsystem gespeichert und ausschließlich für den Zweck dieses Verfahrens verarbeitet und genutzt. Ihre persönlichen Daten werden vertraulich behandelt und nicht an Dritte weitergegeben. Die ausführlichen Datenschutzhinweise finden Sie unter: [www.dresden.de/stellenangeboten](http://www.dresden.de/stellenangeboten)

To apply: https://weworkremotely.com/remote-jobs/eb-it-dienstleistungen-it-security-manager-bcm-m-w-d

Read the full description
Security Senior Information Security Engineer at SmartRecruiters

Designs and implements security compliance frameworks and technical controls across multiple regulatory standards including ISO 27001, SOC 2, GDPR, and AI security requirements.

Senior Remote Posted 2 days ago RemoteFirstJobs Product
What this role involves

Company Description

SmartRecruiters is the Recruiting AI Company that transforms hiring for the world’s leading enterprises. Built for global scale, SmartRecruiters, an SAP company, delivers an AI-powered hiring platform that automates and optimizes the entire talent acquisition process, ensuring faster and smarter hiring decisions. More than 4,000 companies, including Amazon, Visa, and McDonald’s, rely on SmartRecruiters to build winning teams. In 2025, SmartRecruiters joined SAP, the global leader in enterprise applications. Together, SmartRecruiters and SAP are accelerating the reinvention of hiring by combining cutting-edge AI innovation with the scale, reach, and resources of SAP’s ecosystem.

At SmartRecruiters, we are a values-driven, globally focused tech company with strong financial backing and a bold vision for the future of work. We commit and dig deep, embracing challenges with grit, curiosity, and a drive for excellence. We foster a collaborative and inclusive work environment, where trust and determination bring us together. Because together, we will win.

Recognized by Fosway Industry Analysts as a strategic leader in recruitment technology for three consecutive years, and awarded by Comparably as a top company for Women, Perks and Benefits, Work-Life Balance, Happiness, Compensation, Diversity, and Culture - we take pride in creating a place where everyone can thrive. Our remote-friendly culture, competitive salaries, and strong internal mobility ensure that high performers have meaningful growth opportunities in an environment built on respect and empowerment.

Job Description

SmartRecruiters is looking for a Senior Information Security Engineer to join the Governance, Risk & Compliance (GRC) team. This role is critical to ensuring that SmartRecruiters’ applications, systems, and processes remain compliant with industry standards and regulatory requirements, including ISO 27001, ISO 22301, ISO 42001, SOC 2 Type II, Cyber Essentials, GDPR, and the EU AI Act.

The successful candidate will combine strong GRC expertise with a technical, engineering mindset - someone who can drive compliance programmes across multiple frameworks while also stepping into complex technical topics such as business continuity, AI security, and cloud compliance. Critically, this is not a purely audit-focused role; we need someone who can dig into technical details, assess security architectures, support forensic investigations, build automation to replace manual processes, and provide hands-on guidance to engineering and security teams. A core part of this role is identifying opportunities to engineer scalable, repeatable solutions, from compliance evidence collection to policy enforcement, rather than relying on manual effort.

Responsibilities

Governance, Risk & Compliance

  • Identify manual, repetitive GRC processes and design automation blueprints to streamline them, including evidence collection, control monitoring, access reviews, policy enforcement checks, and compliance reporting
  • Build and maintain automated workflows using compliance platforms, scripting, or integration tools to reduce manual effort and improve audit-readiness
  • Develop reusable templates, playbooks, and standardised blueprints for recurring GRC activities (e.g., vendor assessments, internal audits, risk reviews) to ensure consistency and scalability.
  • Collaborate with engineering and IT teams to integrate security and compliance checks into existing toolchains and CI/CD pipelines where applicable
  • Continuously evaluate and improve GRC tooling, data flows, and reporting to drive operational efficiency across the team
  • Manage stakeholder expectations and partner with internal teams to ensure effective management of IT risks and compliance obligations
  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, and reports.
  • Support the maintenance of the SOC 2 Type II framework, including evidence collection, control testing coordination, and audit support
  • Effectively manage ISO 27001 and ISO 22301 audit lifecycles and coordinate with stakeholders on ISMS and BCMS improvements
  • Support the maintenance and continuous improvement of the ISO 42001 (AI Management System) framework in alignment with the EU AI Act
  • Support vendor risk management activities, including third-party security assessments and due diligence reviews

Business Continuity & ISO 22301

  • Serve as a subject matter expert or key contributor for the Business Continuity Management System (BCMS), supporting the strategy, framework, and audit programme under ISO 22301
  • Support Business Impact Analysis (BIA), BCP/DRP development, recovery exercises, and continuity metrics management

AI Security & Compliance

  • Support AI security and compliance activities, including the assessment of AI-related risks, alignment with ISO 42001 controls, and regulatory readiness under the EU AI Act
  • Collaborate with product and engineering teams to evaluate security controls for AI/ML features and services

Qualifications

  • 5+ years of experience in information security, governance, risk, and/or compliance roles with a technical orientation
  • Demonstrated compliance or auditing experience with at least one major framework
  • Solid understanding of controls auditing principles and evidence management
  • Knowledge of risk management methodologies and experience conducting or supporting risk assessments
  • Ability to manage and deliver on multiple complex projects simultaneously, with minimal supervision
  • The ability to investigate, question, and interpret internal and external IT security and compliance issues at both a governance and technical level
  • A strong understanding of technology, cloud-based products, and SaaS environments
  • Experience working across business units and geographical boundaries to engage engineering, business, and operational teams
  • Experience with ISO 27001
  • Excellent written and verbal communication skills in English

Nice to have

  • Professional certifications such as CISA, CRISC, CISM, CISSP, CCSK, CCSP, or equivalent
  • Experience with ISO 9001, 27017, and 27018
  • Experience with ISO 22301 (Business Continuity), including BIA, BCP/DRP, and recovery testing
  • Experience with BSI C5 (Cloud Computing Compliance Criteria Catalogue) or similar cloud-specific compliance frameworks
  • Knowledge of AI security principles, experience with ISO 42001, or familiarity with the EU AI Act and its technical requirements
  • Technical understanding of cloud infrastructure (AWS preferred), networking fundamentals, identity management, and SaaS security architectures
  • Experience with enterprise risk management frameworks and tools
  • Understanding of threat modelling methodologies and secure development lifecycle (SDLC) principles
  • Hands-on experience with incident response - including participation in security incident investigations, containment, and post-mortem processes

Additional Information

SmartRecruiters is proud to be an Equal Employment Opportunity employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.

Read the full description
Security Senior SecOps Automation Engineer – Consumer FinTech

Designs, implements, and maintains security automation workflows and tools to protect fintech infrastructure and operations.

Senior Posted 3 days ago Jobicy AI
What this role involves
About TruelogicAt Truelogic we are a leading provider of nearshore staff augmentation services headquartered in New York. For over two decades, we’ve been delivering top-tier technology solutions to companies of...
Read the full description
Security Senior Risk Analyst at AlphaSense

Designs and builds a quantitative, AI-driven enterprise risk management program spanning information security, AI, and operational risk.

Senior Posted 3 days ago RemoteFirstJobs Product
What this role involves

About AlphaSense:

The world’s most sophisticated companies rely on AlphaSense to remove uncertainty from decision-making. With market intelligence and search built on proven AI, AlphaSense delivers insights that matter from content you can trust. Our universe of public and private content includes equity research, company filings, event transcripts, expert calls, news, trade journals, and clients’ own research content.

The acquisition of Tegus by AlphaSense in 2024 advances our shared mission to empower professionals to make smarter decisions through AI-driven market intelligence. Together, AlphaSense and Tegus will accelerate growth, innovation, and content expansion, with complementary product and content capabilities that enable users to unearth even more comprehensive insights from thousands of content sets. Our platform is trusted by over 6,000 enterprise customers, including a majority of the S&P 500. Founded in 2011, AlphaSense is headquartered in New York City with more than 2,000 employees across the globe and offices in the U.S., U.K., Finland, India, Singapore, Canada, and Ireland. Come join us!

About the Role

AlphaSense is maturing its security risk management program and needs a Senior Risk Analyst to be a core builder and operator of that function. You will design, implement, and mature a risk framework that spans information security, AI, and operational risk—building toward a program that is quantitative-leaning, connected to live data sources, and actionable at every altitude from service owner to executive leadership. You will establish risk identification and scoring methodologies, own the enterprise risk register, and produce risk intelligence that drives real decisions. You will also support the TPRM function led by a dedicated TPRM lead, contributing to assessments and risk tracking as needed. You approach this with an AI-native mindset: using AI to monitor threat landscapes, analyze risk data, draft risk narratives, and surface emerging risks faster than a traditional manual program could. The goal is a risk function, not a risk register—one that measures outcomes and reduced exposure, not just activity.This is not a role for someone looking to maintain a program that already exists. AlphaSense is building a risk management discipline that we believe can serve as the blueprint for how AI-era companies measure, communicate, and act on risk. Risk management across the industry is still largely qualitative, reactive, and disconnected from the systems that generate real signal. We intend to change that—and we want someone on this team who shares that ambition and wants to be part of building the model that others will eventually follow.

Key Responsibilities

Risk Program Design & Maturation

Design and implement a structured risk management program, including risk taxonomy, scoring methodology, risk appetite statements, and escalation thresholds. Align the program with ISO 27005, NIST RMF, or ISO 31000 as appropriate. This is largely greenfield work—you will help define the architecture and continuously mature the discipline as the company scales.

Risk Register Ownership

Build and maintain the enterprise risk register as a living operational tool, not a compliance artifact. Lead periodic risk identification workshops with business, engineering, and legal stakeholders to surface new and evolving risks. Ensure every risk has a documented owner, risk rating, treatment decision, and remediation timeline—and that the register reflects current reality, not last quarter’s snapshot.

AI-Augmented Risk Analysis

Leverage AI tools to monitor threat intelligence, identify patterns across risk data, accelerate risk narrative drafting, and keep the risk register current between formal review cycles. Build AI-assisted workflows that reduce manual risk review burden and surface emerging risks earlier. Apply judgment to validate AI output before it informs a risk decision.

Third-Party & Vendor Risk Support

Support the TPRM function in partnership with the dedicated TPRM lead. Contribute to vendor risk assessments, risk scoring, and finding documentation as needed. Provide risk framework input to ensure third-party risks are consistently rated and tracked in alignment with the broader risk register.

AI & Emerging Technology Risk

Identify and assess AI-related risks including data privacy, model bias, explainability, security misuse, agentic system behavior, and third-party AI dependencies. Support compliance with AI governance frameworks (ISO 42001, NIST AI RMF, EU AI Act). Maintain current knowledge of the evolving AI risk landscape and help AlphaSense stay ahead of regulatory and operational risks from AI deployment.

Risk Reporting & Executive Communication

Produce clear, executive-ready risk reports, dashboards, and periodic risk summaries. Translate technical risk findings into business impact language that drives informed decisions at the service owner, leadership, and board levels. Make risk actionable at every altitude—engineers understand their exposure, executives understand portfolio risk.

Cross-Functional Risk Advisory

Provide cross-functional risk and control guidance on process improvements, new technology adoption, post-implementation reviews, and remediation activities. Support stakeholders in interpreting risk requirements and embedding risk management practices into how they build and operate—not as a checkpoint, but as an enabling partner.

What Success Looks Like

  • Security and compliance controls are clearly documented, tested, and consistently implemented—with evidence generated by integrations, not collected by hand
  • Risks and compliance gaps are identified early, tracked with owners, and remediated in partnership with technical teams before auditors find them
  • GRC processes scale alongside platform growth and new customer or regulatory requirements without proportional headcount growth
  • Stakeholders across Engineering, Legal, and Product view the GRC function as a trusted, enabling partner—not a compliance checkpoint
  • AI tools are used deliberately and responsibly: output is validated, sensitive data is protected, and automation creates leverage without introducing new risk
  • The risk register is a live operational tool that reflects current exposure—engineers know their risk posture, executives can explain portfolio risk, and risk scores change when the environment changes
  • Risk reporting is driven by KRIs and live data sources, not manually assembled status updates—leadership has real-time visibility into risk posture

Who You Are

Basic Requirements

  • 6+ years of experience in GRC, information security, risk management, or IT audit, preferably in a SaaS or cloud-native environment
  • Strong understanding of security and compliance frameworks including SOC 2, ISO 27001, NIST CSF 2.0, and CIS Controls; working knowledge of ISO 42001 and NIST AI RMF
  • AI-native mindset: you use AI tools—LLMs, agents, automation—for real, substantive work including analysis, drafting, evidence gathering, and workflow automation. You apply judgment about where AI creates leverage and where a human must stay in the loop
  • Proficiency with GRC platforms for evidence management and control testing (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Familiarity with cloud environments (AWS, Azure, or GCP) and the security and compliance posture tooling that runs on them (CSPM, SIEM, identity platforms)
  • Experience supporting external audits across security or privacy domains, including evidence collection, control walkthroughs, and auditor interaction
  • Ability to interpret technical controls and translate findings into compliance, risk, and policy documentation that engineers and non-technical stakeholders both understand
  • Working knowledge of risk registers, control libraries, and policy governance lifecycles
  • Working knowledge of privacy and data protection requirements (GDPR, CCPA/CPRA) and how they intersect with security controls, in partnership with Legal and Product teams
  • Strong written communication, analytical thinking, and attention to detail; able to produce clear audit responses, risk narratives, and control documentation under deadline
  • 4+ years of hands-on experience in information security risk management or a combined GRC/risk role with responsibility for building or significantly maturing a risk register and scoring methodology
  • Demonstrated use of AI or data tools to surface risk insights, analyze trends, draft risk narratives, or automate risk register workflows—with clear judgment about validating AI output before it informs a decision
  • Proven experience maturing an organization’s risk program from qualitative to quantitative risk measurement—including introducing scoring models, KRI frameworks, and data-driven risk reporting that changed how leadership makes risk decisions
  • Experience with data warehousing concepts, KRI development and tracking, and risk reporting pipelines that connect live data sources to dashboards and executive reporting
  • Proficiency with GRC platforms for risk tracking, control testing, and evidence management (Drata, Vanta, AuditBoard, ServiceNow GRC, or equivalent)
  • Strong analytical skills: comfort with qualitative and quantitative risk scoring, heat maps, likelihood/impact matrices, and risk appetite articulation
  • Experience producing executive-ready risk reports and translating technical findings into business impact language for non-technical audiences
  • Experience supporting TPRM assessments and contributing to vendor risk documentation in partnership with a dedicated TPRM function

Nice to Have

  • Relevant certifications: CISA, CRISC, CISM, CISSP, CCSK, or ISO 27001 Lead Auditor/Implementer
  • Experience with AI governance frameworks including ISO 42001, NIST AI RMF, EU AI Act, or OECD AI Principles
  • Exposure to SOX ITGC cycles—managing evidence, walkthroughs, and findings with external auditors
  • Privacy program crossover: data mapping, DPIAs, GDPR/CCPA operational compliance
  • Scripting or automation experience (Python, JavaScript, or low-code tools) applied to GRC or compliance workflows
  • Quantitative risk experience: FAIR-style decomposition, Monte Carlo simulation, or loss exceedance analysis applied to real risk decisions—not just theoretical familiarity
  • Experience with AI risk domains: model risk, algorithmic bias, AI system failure modes, agentic system risks, and governance frameworks including NIST AI RMF or ISO 42001
  • Familiarity with risk aggregation and BI tooling (Tableau, Looker, Power BI) for risk dashboarding and executive reporting
  • Background in financial services regulatory risk environments (SOX, FFIEC, or equivalent).

AlphaSense is an equal-opportunity employer. We are committed to a work environment that supports, inspires, and respects all individuals. All employees share in the responsibility for fulfilling AlphaSense’s commitment to equal employment opportunity. AlphaSense does not discriminate against any employee or applicant on the basis of race, color, sex (including pregnancy), national origin, age, religion, marital status, sexual orientation, gender identity, gender expression, military or veteran status, disability, or any other non-merit factor. This policy applies to every aspect of employment at AlphaSense, including recruitment, hiring, training, advancement, and termination.

In addition, it is the policy of AlphaSense to provide reasonable accommodation to qualified employees who have protected disabilities to the extent required by applicable laws, regulations, and ordinances where a particular employee works.

Recruiting Scams and Fraud

We at AlphaSense have been made aware of fraudulent job postings and individuals impersonating AlphaSense recruiters. These scams may involve fake job offers, requests for sensitive personal information, or demands for payment. Please note:

  • AlphaSense never asks candidates to pay for job applications, equipment, or training.
  • All official communications will come from an @alpha-sense.com email address.
  • If you’re unsure about a job posting or recruiter, verify it on our Careers page.

If you believe you’ve been targeted by a scam or have any doubts regarding the authenticity of any job listing purportedly from or on behalf of AlphaSense please contact us. Your security and trust matter to us.

Read the full description
Security Senior Security Engineer at Samsara

Monitors and responds to security events, leads incident response investigations, and maintains automated security workflows for a publicly traded IoT operations platform.

Senior Remote Posted 3 days ago RemoteFirstJobs Product
What this role involves

Who we are

Samsara (NYSE: IOT) is the pioneer of the Connected Operations™ Cloud, which is a platform that enables organizations that depend on physical operations to harness Internet of Things (IoT) data to develop actionable insights and improve their operations. At Samsara, we are helping improve the safety, efficiency and sustainability of the physical operations that power our global economy. Representing more than 40% of global GDP, these industries are the infrastructure of our planet, including agriculture, construction, field services, transportation, and manufacturing — and we are excited to help digitally transform their operations at scale.

Working at Samsara means you’ll help define the future of physical operations and be on a team that’s shaping an exciting array of product solutions, including Video-Based Safety, Vehicle Telematics, Apps and Driver Workflows, and Equipment Monitoring. As part of a recently public company, you’ll have the autonomy and support to make an impact as we build for the long term.

About the role:

As a member of our Security Operations Team, you will collaborate with a global team of engineers to monitor and respond to security events, lead security incidents as Incident Commander, and lead digital forensic investigations in support of Employee Relations, Legal, Compliance, or Information Security cases.

Although you will be focused on security incident response, you will also have the opportunity to create and maintain runbooks, and automated workflows, and assist in process refinement and implementation. You will collaborate with a diverse team of engineers, and key stakeholders on security initiatives across the company. Above all, your focus is bringing Security expertise to the table in a collaborative, humble, and practical manner.

Location: This role is open to candidates residing in the UK

You should apply if:

  • You want to impact the industries that run our world: Every phone call you answer and every email you send can affect whether truck drivers deliver goods on time and without accidents, whether students get dropped off safely from school, or whether power gets restored quickly after a natural disaster.
  • You thrive the most when solving problems: Our constantly expanding technology and the complexities faced by our customers provide an exciting range of challenges for our Customer Success teams. With a growth mindset and a desire to learn, you will strategically partner with our customers to find unique solutions to help keep their operations safe, efficient, and sustainable.
  • You are a natural relationship builder: Whether the relationship is with our customers or with cross-functional teams in Samsara, you are in constant communication and collaboration with key stakeholders to win as a team.
  • You are the architect of your own career: If you put in the work, this role won’t be your last at Samsara. This Customer Success team is still shaping its future and you will have plenty of autonomy and opportunities to master your craft in a hyper growth environment.
  • You want to be with the best: At Samsara, we win together, celebrate together and support each other. You will be surrounded by the best and brightest professionals out there.

In this role, you will:

  • Monitor security events and provide technical analysis on alerts
  • Lead information security incidents and employee insider investigations by developing the incident response strategy, lead the execution through incident closure, while providing incident updates to key stakeholders throughout the incident
  • Deliver security guidance clearly and concisely for incident response and insider threat initiatives
  • Coordinate the building of services, capabilities, integrations, and implementations of technologies to support security operations, incident response, and insider threat
  • Champion, role model, and embed Samsara’s cultural principles (Focus on Customer Success, Build for the Long Term, Adopt a Growth Mindset, Be Inclusive, Win as a Team) as we scale globally and across new offices
  • Participate in our on-call rota covering weekends

Minimum requirements for the role:

  • 5+ years of experience in Security Incident Response
  • Ability to communicate investigative findings and strategies to technical staff, executive leadership, and legal
  • Ability to build scripts or tools to support Samsara’s investigation processes, with proficiency in Python
  • Mentor and train security operation engineers on data collection, analysis, and reporting technical analysis
  • Practical experience acting as a lead during security incident response, including monitoring and triaging alerts, and coordinating across teams
  • Understanding of analysis and forensics techniques on macOS, Windows, and Linux
  • Experience utilizing SIEM tools to perform log reviews
  • Experience in cloud architecture and security (AWS, GCP) and cloud-based services
  • This role will be part of our EMEA so your hours will be aligned to the UK. As an operational time you may be expected to work flexible hours around this to support the load of the team

An ideal candidate also has:

  • 2+ years of experience working on insider threat initiatives or employee investigations
  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field - or relevant industry experience
  • GIAC Certified Incident Handler (GCIH) or similar Certification
  • Familiarity with common security frameworks and standards, including NIST Cybersecurity Framework, ISO 27001, FedRAMP

Total Rewards

At Samsara, we build for the people who keep the global economy moving. We want owners, not passengers, which is why our rewards are designed to fuel high-impact builders. Our compensation program delivers above-market total compensation through a combination of base salary, performance-based bonus/variable pay, and equity (for eligible roles) in a high-growth public company. We meaningfully differentiate pay for our top performers, who have the opportunity to earn above-market compensation that can outpace the broader market over time.

Beyond compensation, we provide the foundations that enable long-term success: a flexible, employee-led remote model, a professional development stipend, comprehensive health and parental leave plans, and more. If you’re ready to build for the long term and own the outcome, your journey starts here.

Flexible Working

At Samsara, we embrace a flexible working model that caters to the diverse needs of our teams. Our offices are open for those who prefer to work in-person and we also support remote work where it aligns with our operational requirements. For certain positions, being close to one of our offices or within a specific geographic area is important to facilitate collaboration, access to resources, or alignment with our service regions. In these cases, the job description will clearly indicate any working location requirements. Our goal is to ensure that all members of our team can contribute effectively, whether they are working on-site, in a hybrid model, or fully remotely. All offers of employment are contingent upon an individual’s ability to secure and maintain the legal right to work at the company and in the specified work location, if applicable.

Belonging at Samsara

At Samsara, we welcome everyone regardless of their background. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, sex, gender, gender identity, sexual orientation, protected veteran status, disability, age, and other characteristics protected by law. We depend on the unique approaches of our team members to help us solve complex problems and want to ensure that Samsara is a place where people from all backgrounds can make an impact.

Accommodations

Samsara is an inclusive work environment, and we are committed to ensuring equal opportunity in employment for qualified persons with disabilities. Please email accessibleinterviewing@samsara.com or click here if you require any reasonable accommodations throughout the recruiting process.

Our Commitment to Authenticity

We use Tofu, a fraud detection tool, to validate the authenticity of applications and protect against identity fraud. This ensures we are connecting with real people and allows us to prioritize genuine candidates. Please see Samsara’s Candidate Privacy Notice for more information.

Fraudulent Employment Offers

Samsara is aware of scams involving fake job interviews and offers. Please know we do not charge fees to applicants at any stage of the hiring process. Official communication about your application will only come from emails ending in @samsara.com, @us-greenhouse-mail.io or @mail3.guide.co. For more information regarding fraudulent employment offers, please visit our blog post here.

Read the full description
Security Remote Securiti.ai SME at WaveStrong, Inc.

Configure and operationalize the Securiti.ai privacy-compliance platform across multi-cloud environments, automating DSAR, DPIA, and consent workflows for enterprise clients.

Senior Remote Posted 4 days ago RemoteFirstJobs Product
What this role involves

Exciting Remote Securiti.ai SME contract career opportunity.

Own the design, configuration and operationalization of the Securiti.ai platform for an enterprise privacy-compliance program — turning DSAR, DPIA, RoPA and consent requirements into a working, defensible capability the client can run after transition.

  • 2+ years hands-on Securiti.ai — discovery & classification, DSAR automation, DPIA, RoPA, consent modules
  • Multi-cloud connector configuration: AWS, Azure, GCP, Oracle Cloud, IBM Cloud; SaaS sources incl. M365 & Salesforce
  • Architect and configure the Securiti.ai Data Command Center — discovery, classification and data-mapping modules across the multi-cloud estate
  • Stand up DSAR intake and fulfillment automation, DPIA/PIA workflows, RoPA and Universal Consent Management
  • Map cross-border transfer obligations and EU AI Act touchpoints into the platform’s assessment framework
  • Integrate with the surrounding stack — DSPM, data catalog, CMDB and SaaS sources — and tune classification accuracy
  • Deliver runbooks, role-based training and knowledge transfer for client self-sufficiency.
  • Working fluency in GDPR, CCPA/CPRA and U.S. state privacy laws; EU AI Act awareness
  • Experience operationalizing DSAR SLAs, records of processing and consent at enterprise scale
  • Data mapping and lineage across structured/unstructured stores; Databricks & ServiceNow CMDB familiarity a plus
  • API-based integration experience; DSPM tooling exposure (e.g., Wiz, Microsoft Purview) valued
  • Preferred: Securiti.ai certification(s) — Privacy Ops / Data Command Center, IAPP CIPP/E, CIPM or CIPT; CISSP or equivalent security credential a plus
Read the full description
Security Security Architect (SecOps) - Northeast region (Remote) at GuidePoint Security

Lead technical discovery and design security architecture solutions for prospects and customers, translating requirements into SIEM/SOAR implementations and advising on emerging security platforms.

Senior Remote Posted 4 days ago RemoteFirstJobs Product
What this role involves

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

GuidePoint Security is seeking a Security Architect (SecOps) to join our Security Operations practice and serve as a trusted technical advisor to prospects and customers throughout the sales cycle.

Note: Applicants must live in our Northeast region to be considered (NJ to Maine). Up to 25% travel primarily in the region required.

Role Overview:

You will partner with account executives and practice leadership to build customer confidence, articulate technical solutions, and enable seamless handoffs to delivery teams. This is a customer-facing role focused on discovery, design, and positioning — not deep implementation. You will work across the SIEM, SOAR, detection-as-code, and emerging technologies like Snowflake for security data lakes.

What You’ll Do:

  • Lead technical discovery calls and translate customer requirements into high-level solution designs
  • Speak credibly about product capabilities, integrations, and architectural trade-offs (e.g., Splunk, Sentinel, CrowdStrike Next-Gen SIEM, Tines, Torque, Snowflake)
  • Draw integration diagrams, validate technical feasibility, and position GuidePoint’s differentiated capabilities
  • Support account executives in pre-sales engagements, ensuring technical alignment before formal scoping
  • Stay current on security operations trends, emerging platforms, and competitive positioning
  • Collaborate with delivery architects to ensure smooth transitions from sales to implementation
  • Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes

What We’re Looking For:

  • Technically credible — you understand how SIEM/SOAR/detection-as-code ecosystems work at a fundamental level
  • Approachable and articulate — you can explain complex topics in accessible terms without being condescending or overconfident
  • Customer-focused — you listen well, ask the right questions, and build trust quickly
  • Curious and adaptable — you’re comfortable learning new platforms (e.g., Snowflake) as customer demand evolves
  • Experience in security operations, consulting, or pre-sales engineering preferred
  • No deep implementation expertise required — we value breadth, communication, and judgment over hands-on keyboard skills

We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don’t miss updates on your application.

Why GuidePoint? GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks….

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option
Read the full description
Security Security Architect (SecOps) - Northeast region (Remote) at GuidePoint Security

Lead technical discovery and design security operations solutions (SIEM/SOAR) for prospects, translating requirements into architecture recommendations and supporting sales engagements.

Senior Hybrid Posted 4 days ago RemoteFirstJobs Product
What this role involves

GuidePoint Security provides trusted cybersecurity expertise, solutions and services that help organizations make better decisions and minimize risk. By taking a three-tiered, holistic approach for evaluating security posture and ecosystems, GuidePoint enables some of the nation’s top organizations, such as Fortune 500 companies and U.S. government agencies, to identify threats, optimize resources and integrate best-fit solutions that mitigate risk.

GuidePoint Security is seeking a Security Architect (SecOps) to join our Security Operations practice and serve as a trusted technical advisor to prospects and customers throughout the sales cycle.

Note: Applicants must live in our Northeast region to be considered (NJ to Maine). Up to 25% travel primarily in the region required.

Role Overview:

You will partner with account executives and practice leadership to build customer confidence, articulate technical solutions, and enable seamless handoffs to delivery teams. This is a customer-facing role focused on discovery, design, and positioning — not deep implementation. You will work across the SIEM, SOAR, detection-as-code, and emerging technologies like Snowflake for security data lakes.

What You’ll Do:

  • Lead technical discovery calls and translate customer requirements into high-level solution designs
  • Speak credibly about product capabilities, integrations, and architectural trade-offs (e.g., Splunk, Sentinel, CrowdStrike Next-Gen SIEM, Tines, Torque, Snowflake)
  • Draw integration diagrams, validate technical feasibility, and position GuidePoint’s differentiated capabilities
  • Support account executives in pre-sales engagements, ensuring technical alignment before formal scoping
  • Stay current on security operations trends, emerging platforms, and competitive positioning
  • Collaborate with delivery architects to ensure smooth transitions from sales to implementation
  • Embraces emerging technologies, including AI tools, to work smarter, solve problems, and drive better business outcomes

What We’re Looking For:

  • Technically credible — you understand how SIEM/SOAR/detection-as-code ecosystems work at a fundamental level
  • Approachable and articulate — you can explain complex topics in accessible terms without being condescending or overconfident
  • Customer-focused — you listen well, ask the right questions, and build trust quickly
  • Curious and adaptable — you’re comfortable learning new platforms (e.g., Snowflake) as customer demand evolves
  • Experience in security operations, consulting, or pre-sales engineering preferred
  • No deep implementation expertise required — we value breadth, communication, and judgment over hands-on keyboard skills

We use Greenhouse Software as our applicant tracking system and Zoom Scheduler for HR screen request scheduling. At times, your email may block our communication with you. Please be sure to check your SPAM folder so that you don’t miss updates on your application.

Why GuidePoint? GuidePoint Security is a rapidly growing, profitable, privately-held value added reseller that focuses exclusively on Information Security. Since its inception in 2011, GuidePoint has grown to over 1,200 employees, established strategic partnerships with leading security vendors, and serves as a trusted advisor to more than 6,200 customers.

Firmly-defined core values drive all aspects of the business, which have been paramount to the company’s success and establishment of an enjoyable workplace atmosphere. At GuidePoint, your colleagues are knowledgeable, skilled, and experienced and will seek to collaborate and provide mentorship and guidance at every opportunity.

This is a unique and rare opportunity to grow your career along with one of the fastest growing companies in the nation.

Some added perks….

  • Remote workforce primarily (U.S. based only, some travel may be required for certain positions, working on-site may be required for Federal positions)
  • Group Medical Insurance options: Zero Deductible PPO Plan (GuidePoint pays 90% of the premium for employees and 70% for family plans (spouse/children/family) or High Deductible Health Plan with HSA (GuidePoint pays 100% of the employees premiums and 75% for family plans (spouse/children/family). If you choose the High Deductible / HSA plan, GPS will contribute in 4 equal quarterly installments: ($850 per EE annually / $1750 per family annually (includes spouse/children/family options)
  • Group Dental Insurance: GuidePoint pays 100% of the premium for employees and 75% of family plans
  • 12 corporate holidays and a Flexible Time Off (FTO) program
  • Healthy mobile phone and home internet allowance
  • Eligibility for retirement plan after 2 months at open enrollment
  • Pet Benefit Option
Read the full description
Security Senior IAM Engineer II (AI Native) at Life360

Designs and owns enterprise IAM infrastructure, setting security architecture and engineering standards while leveraging AI tools to automate access workflows and system management.

Senior Remote Posted 5 days ago RemoteFirstJobs Product
What this role involves

About Life360

Life360’s mission is to keep people close to the ones they love. Our category-leading mobile app,Tile tracking devices, and Pet GPS tracker empower members to protect the people, pets, and things they care about most with a range of services, including location sharing, safe driver reports, and crash detection with emergency dispatch. Life360 serves approximately 97.8 million monthly active users (MAU), as of March 31, 2026, across more than 180 countries.

Life360 delivers peace of mind and enhances everyday family life with seamless coordination for all the moments that matter, big and small. By continuing to innovate and deliver for our customers, we have become a household name and the must-have mobile-based membership for families (and those friends who are basically family).

Life360 has more than 500 (and growing!) remote-first employees. For more information, please visit life360.com.

Life360 is a Remote First company, which means a remote work environment will be the primary experience for all employees. All positions, unless otherwise specified, can be performed remotely (within the US and Canada) regardless of any specified location above.

We are AI Native

We are building an AI native company where AI is an integral part of how we build and operate. AI tool usage during interviews varies by role. You may be asked to demonstrate proficiency with AI tools, discuss how you leverage AI, or complete interview exercises without AI assistance. Your Recruiter will provide clear guidance as you move through the interview process.

Undisclosed use of AI not previously discussed with or approved by your Recruiter may impact your candidacy.

About The Team

Security and IT at Life360 operate as a single integrated function — and we’re building it like one. That means treating identity infrastructure the way engineering teams treat product infrastructure: owned in code, measured with data, and continuously improved. You’ll own Enterprise IAM at Life360 — setting the architecture, engineering standards, and program direction for how every employee accesses every system, at a company that handles sensitive location data for nearly 100 million users. AI is core to how this team operates day to day — from drafting and validating IaC changes to automating access-review workflows — so identity engineering here means designing systems that pair automation with human judgment, not replacing one with the other.

About the Job

We’re looking for a Sr. IAM Engineer who thinks in systems, writes code to solve operational problems, and treats identity as a platform discipline. You’ll own the full enterprise identity stack: how it’s architected, how it’s measured, and how it scales as we grow. The foundation is in place now and we need someone to drive the design, automation, and governance layers forward. We’re building toward a metrics-first operating model, and you’ll build the instrumentation that makes that real. You’ll partner with HR, Security, and Engineering, and you’ll be expected to replace manual processes with durable, testable code wherever it exists. In your first year, success looks like a consolidated Okta footprint with orphaned accounts and stale SSO integrations cleaned up, access reviews running on a measurable cadence, and identity provisioning largely codified in Terraform rather than handled manually.

For candidates based in the US, the salary range for this position is $91,000 to $169,000 USD. For candidates based out of Canada, the salary range for this position is 132,000 to 157,000 CAD. Note: Please be aware that the job title for positions in Canada will be “Developer” in lieu of “Engineer.” We take into consideration an individual’s background and experience in determining final salary; therefore, base pay offered may vary considerably depending on geographic location, job-related knowledge, skills, and experience. The compensation package includes a wide range of medical, dental, vision, financial, and other benefits, as well as equity.

What You’ll Do

  • Own the enterprise identity platform as an engineering system — architect SSO integrations, lifecycle workflows, MFA policy, and group provisioning in Okta using IaC as the source of truth; configuration drift is a bug, not a ticket
  • Engineer the identity lifecycle management layer — design access control models and codify provisioning/deprovisioning workflows in IaC, partnering with HR systems to eliminate manual access operations and return clean provisioning capability to the helpdesk tier
  • Engineer access governance across the cloud and SaaS portfolio — own role assignments, group structures, and access controls across cloud infrastructure and collaboration platforms; design and automate periodic access reviews so auditability is structural, not procedural
  • Harden the device-to-identity trust boundary — own device trust integrations between our identity provider and MDM platforms, ensuring device compliance signals are correctly evaluated in access policy and that the control surface is fully codified
  • Rationalize and consolidate legacy identity surface — lead the technical cleanup of orphaned accounts, stale SSO integrations, and guest access sprawl across the SaaS portfolio; treat this as technical debt reduction with measurable outcomes
  • Build the IAM measurement layer — define, instrument, and track KPIs (access review completion rates, provisioning latency, orphaned account age, ticket volume trends) that justify investment decisions and demonstrate program maturity to Security leadership
  • Define the identity layer of our access request platform — architect the entitlement structures and access controls exposed through our self-service access tooling; codify the configuration in IaC and own the integration contract between identity infrastructure and the employee-facing access experience
  • Contribute to a unified service catalog — ensure identity workflows are clearly surfaced through a single employee-facing entry point and that the handoff between self-service and engineer-owned provisioning is unambiguous
  • Use AI coding agents as a first-class part of the identity engineering workflow — draft and validate Terraform modules, provisioning logic, and access-policy changes with AI assistance, and own review of anything AI-generated before it reaches production identity infrastructure

What We’re Looking For

  • Production experience in engineering and operating an enterprise identity platform at scale; SSO, lifecycle management, MFA, application integrations, and group-based access, with a strong bias toward configuration-as-code over manual administration
  • Strong IaC skills are required (Terraform or equivalent) applied to identity infrastructure — you write modules, manage state, and treat IaC plans as the change control mechanism
  • Deep working knowledge of SAML 2.0, OAuth 2.0, OIDC, and SCIM — you can debug a broken SAML assertion, reason through an OAuth flow, and design a SCIM provisioning schema without looking things up— including hands-on experience with custom authorization servers
  • Experience designing access control models in SaaS-heavy, remote-first environments. You understand the difference between a pragmatic access model and one that will collapse under growth
  • Experience governing access across cloud and SaaS platforms via SSO and SCIM — including group structures, permission boundaries, and collaboration platform controls
  • Comfort writing code to automate identity operations — Python, Go, or similar; you reach for a script before you reach for a ticket
  • Track record of defining measurable outcomes for security/identity programs and communicating them to non-technical stakeholders
  • Demonstrated fluency with AI coding/agent tools in a production engineering context — you can describe an end-to-end AI-assisted workflow you built (not just tool usage), and you know how to review AI-generated IaC or configuration before it ships

Nice to Have

  • Experience integrating device trust between an identity provider and MDM platforms to enforce compliance as a condition of access
  • Familiarity with self-service access request platforms
  • Experience operating in SOX, SOC 2, GDPR, CCPA, or COPPA compliance environments
  • Exposure to zero-trust architecture patterns and their application to workforce identity

AI-Native Expectations

  • Daily use: you use AI coding agents (e.g. Claude Code, Cursor, GitHub Copilot) daily to draft Terraform modules, provisioning scripts, and access-policy configuration — not just for autocomplete
  • Judgment and ownership: you review and are accountable for anything AI-generated before it touches production identity infrastructure; you can describe a time AI output was wrong and what you changed as a result
  • Velocity: AI fluency is expected to translate into measurable output leverage — faster IaC iteration, faster incident triage, fewer manual provisioning tickets
  • Team leadership: you share what you learn — reusable prompts, context docs, agent setups — and help raise the AI fluency of the broader Security/IT team
  • Continuous learning: you stay current on agentic tooling and bring recommendations back to the team rather than waiting for tooling decisions to be made for you

Our Benefits

  • Competitive pay and benefits.
  • Medical, dental, vision, life, and disability insurance plans (100% paid for US employees). We offer supplemental plans for medical and dental for Canadian employees.
  • 401(k) plan with company matching program in the US and RRSP with DPSP plan for Canadian employees.
  • Employee Assistance Program (EAP) for mental wellness.
  • Flexible PTO and 12 company-wide days off throughout the year.
  • Winter and Summer Weeklong Synchronized Company Shutdowns
  • Learning & Development programs.
  • Equipment, tools, and reimbursement support for a productive remote environment.
  • Free Life360 Platinum Membership for your preferred circle.
  • Free Tile Products

Life360 Values

Our company’s mission-driven culture is guided by our shared values to create a trusted work environment where you can bring your authentic self to work and make a positive difference

  • Be a Good Person - We have a team of high integrity people you can trust.
  • Be Direct With Respect - We communicate directly, even when it’s hard.
  • Members Before Metrics - We focus on building an exceptional experience for families.
  • High Intensity, High Impact - We do whatever it takes to get the job done.

Our Commitment to Diversity

We believe that different ideas, perspectives and backgrounds create a stronger and more creative work environment that delivers better results. Together, we continue to build an inclusive culture that encourages, supports, and celebrates the diverse voices of our employees. It fuels our innovation and connects us closer to our customers and the communities we serve. We strive to create a workplace that reflects the communities we serve and where everyone feels empowered to bring their authentic best selves to work.

We are an equal opportunity employer and value diversity at Life360. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, disability status or any legally protected status.

We encourage people of all backgrounds to apply. We believe that a diversity of perspectives and experiences create a foundation for the best ideas. Come join us in building something meaningful. Even if you don’t meet 100% of the below qualifications, you should still seriously consider applying!

#LI-Remote

\_\_\__________________________________________________________________________

Read the full description
Security Akamai: Security Architect II

Detects and mitigates cyber attacks in real-time for enterprise clients, analyzing threats and deploying security solutions on Akamai platforms.

Senior Posted 5 days ago We Work Remotely — Programming
What this role involves

Headquarters: Costa Rica
URL: http://akamai.com

Description

Are you excited by the prospect of detecting and mitigating the latest cyber attacks?

Would you enjoy protecting the world's leading brands in a fast-paced environment?

Work with industry leading technology

Our Team strives to be the most trusted support services partner and to keep our customers online businesses up and running. We utilize tools, process and knowledge to diagnose and resolve product, platform, and customer issues. Our team delivers managed services for both media and security to proactively maintain quality and protect our customers' online presence.

Respond to cyber attacks in real time

As a Security Architect II in SOCC, advising on mitigating attacks for managed security clients. Protect critical web applications and APIs for enterprises, including banks and e-commerce. Identify cyber threats using data, strategize mitigations, and deploy solutions. Ensure minimal impact on end users while addressing real-time security concerns.

As a Security Architect II, you will be responsible for:

  • Devising and engaging mitigation strategies to prevent real-time attacks, using Akamai products & platform
  • Conducting advanced analysis to identify attacks and threats targeting digital properties, web applications, and APIs.
  • Providing consultation & attack mitigation strategies to customers or peer teams based on the analysis

Do what you love

To be successful in this role you will:

  • Have +5 years of experience and a High School / Bachelor's degree in Computer Science or its equivalent
  • Have familiarity with Jupyter Notebooks, Streamlit, or Dash for rapid prototyping
  • Understand REST APIs, parse JSON, fetch scan data, utilize Python, and apply SQL effectively.
  • Have experience with Git and collaboration tools (Jira, Confluence, GitHub) and clustering (esp. for anomaly detection
  • Demonstrate expertise in Python, SQL, and foundational statistics, including mean, median, mode, and correlation.
  • Understand protocols such as HTTP, TCP/IP, OWASP top 10, and their relation to internet security risks.
  • Understand common attack preventive security techniques on L7

About us

At Akamai, we make life better for billions of people, trillions of times a day.
Whether you're streaming live events, scrolling social media, watching your favorite series, or managing your savings, we're the engine behind the scenes. We provide the world's most distributed platform from Cloud to Edge to help the giants of the digital world work faster and stay more secure, making the internet a better experience for everyone.

Our focus is simple:
Cloud and Edge: Running apps closer to users for instant performance.
Security: Neutralizing threats before they ever reach your data.
Content Delivery: Scaling the world's biggest moments without a glitch.
AI: Enabling our customers to build, secure, and scale AI apps on the world's most distributed cloud platform.

At Akamai, we don't just support the internet; we power and protect it, because behind every great digital experience is a massive hidden challenge. And we're the ones who solve it. When millions of people hit play or pay, Akamai ensures it just works.

Benefits at Akamai: We support your health, well-being, finances, and life beyond work. See our benefits.

FlexBase adapts to your job's needs

Akamai's FlexBase program is yet another way we show our commitment to providing employees with an exceptional workplace experience. It's not about telling employees where to work; it's about supporting employees to do their best work.

We trust our incredible employees to work in ways that suit them best: at home, in an office, or a combination of both.

Connect with us on social and see what life at Akamai is like!



To apply: https://weworkremotely.com/remote-jobs/akamai-security-architect-ii

Read the full description
Security Senior Security Engineer at Prolific

Senior Security Engineer performs hands-on application security work including vulnerability discovery, security testing, threat modeling, and building security tooling across the platform.

Senior Posted 6 days ago RemoteFirstJobs Product
What this role involves

Senior Security Engineer

Engineering

Prolific

Prolific is not just another player in the AI space – we are the architects of the human data infrastructure that’s reshaping the landscape of AI development. In a world where foundational AI technologies are increasingly commoditized, it’s the quality and diversity of human-generated data that truly differentiates products and models.

The role

Security at Prolific isn’t an afterthought, it’s foundational to how we build. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, the security of our application layer is critical. We handle participant data, researcher credentials, payment flows, and API integrations that demand rigorous protection at the code level.

As a Senior Security Engineer, you’ll be the technical authority on application security at Prolific. You’ll work hands-on with our engineering teams to find and fix vulnerabilities in our codebase, perform security testing, build security tooling, and embed secure development practices into how we ship software. This isn’t a governance or policy role, you’ll be in the code, reviewing pull requests, threat modelling new features, and building the automation that keeps our platform secure as we scale.

You’ll report to the Head of Engineering/Platform and work cross-functionally with product engineering, platform, data, and TechOps teams.

What you’ll bring to the role

  • Several years in application/product security and a background in software engineering
  • Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic abuse, supply chain)
  • Experience working with complex, large-scale systems and modern architectures
  • Hands-on security testing experience (especially Burp Suite) across web apps and APIs
  • Python for security tooling, automation, or custom detection (Django a plus)
  • Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD
  • Practical threat modelling experience, including leading lightweight sessions
  • Strong collaboration skills, able to clearly explain issues and drive remediation
  • Builder mindset, you automate wherever possible

Nice to haves..

  • Experience with Django, Vue.js, MongoDB, GCP
  • Security champions or bug bounty programmes
  • Supply chain security (SCA, SBOMs, dependency review)
  • IaC security (e.g. Terraform, policy-as-code)
  • Hands-on certifications (OSCP, GWAPT, BSCP)
  • Experience in scaling environments building out security practices

What you’ll be doing in the role

You’ll help secure Prolific’s applications end-to-end, from hands-on testing and code review to threat modelling and CI/CD security. You’ll partner closely with engineers to identify and fix vulnerabilities, build and tune security tooling, and embed secure development practices across the SDLC. This includes running penetration tests, improving detection coverage, and staying ahead of emerging threats to continuously strengthen our security posture.

Why Prolific is a great place to work

We’ve built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high-quality, ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems.

We believe that the next leap in AI capabilities won’t come solely from scaling existing models, but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breath and the best of humanity.

Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission-driven culture.

Links to more information on Prolific

Benefits

External Handbook

Website

Youtube

Privacy Statement

By submitting your application, you agree that Prolific may collect your personal data for recruiting and global organisation planning. Prolific’s Candidate Privacy Notice explains what personal information Prolific may process, where Prolific may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Prolific use of your personal information.

Read the full description
Security Senior Security Engineer at Prolific

Hands-on application security engineer who finds and fixes vulnerabilities in code, performs security testing, builds security tooling, and embeds secure development practices across engineering teams.

Senior Posted 6 days ago RemoteFirstJobs Product
What this role involves

Senior Security Engineer

Engineering

Prolific

Prolific is not just another player in the AI space – we are the architects of the human data infrastructure that’s reshaping the landscape of AI development. In a world where foundational AI technologies are increasingly commoditized, it’s the quality and diversity of human-generated data that truly differentiates products and models.

The role

Security at Prolific isn’t an afterthought, it’s foundational to how we build. As a company trusted by world-leading research institutions and AI labs to handle sensitive data at scale, the security of our application layer is critical. We handle participant data, researcher credentials, payment flows, and API integrations that demand rigorous protection at the code level.

As a Senior Security Engineer, you’ll be the technical authority on application security at Prolific. You’ll work hands-on with our engineering teams to find and fix vulnerabilities in our codebase, perform security testing, build security tooling, and embed secure development practices into how we ship software. This isn’t a governance or policy role, you’ll be in the code, reviewing pull requests, threat modelling new features, and building the automation that keeps our platform secure as we scale.

You’ll report to the Head of Engineering/Platform and work cross-functionally with product engineering, platform, data, and TechOps teams.

What you’ll bring to the role

  • Several years in application/product security and a background in software engineering
  • Strong knowledge of OWASP Top 10 (Web & API) and modern attack paths (e.g. auth flaws, SSRF, injection, business logic abuse, supply chain)
  • Experience working with complex, large-scale systems and modern architectures
  • Hands-on security testing experience (especially Burp Suite) across web apps and APIs
  • Python for security tooling, automation, or custom detection (Django a plus)
  • Experience implementing and tuning SAST, SCA, DAST, and secret scanning in CI/CD
  • Practical threat modelling experience, including leading lightweight sessions
  • Strong collaboration skills, able to clearly explain issues and drive remediation
  • Builder mindset, you automate wherever possible

Nice to haves..

  • Experience with Django, Vue.js, MongoDB, GCP
  • Security champions or bug bounty programmes
  • Supply chain security (SCA, SBOMs, dependency review)
  • IaC security (e.g. Terraform, policy-as-code)
  • Hands-on certifications (OSCP, GWAPT, BSCP)
  • Experience in scaling environments building out security practices

What you’ll be doing in the role

You’ll help secure Prolific’s applications end-to-end, from hands-on testing and code review to threat modelling and CI/CD security. You’ll partner closely with engineers to identify and fix vulnerabilities, build and tune security tooling, and embed secure development practices across the SDLC. This includes running penetration tests, improving detection coverage, and staying ahead of emerging threats to continuously strengthen our security posture.

Why Prolific is a great place to work

We’ve built a unique platform that connects researchers and companies with a global pool of participants, enabling the collection of high-quality, ethically sourced human behavioral data and feedback. This data is the cornerstone of developing more accurate, nuanced, and aligned AI systems.

We believe that the next leap in AI capabilities won’t come solely from scaling existing models, but from integrating diverse human perspectives and behaviors into AI development. By providing this crucial human data infrastructure, Prolific is positioning itself at the forefront of the next wave of AI innovation – one that reflects the breath and the best of humanity.

Working for us will place you at the forefront of AI innovation, providing access to our unique human data platform and opportunities for groundbreaking research. Join us to enjoy a competitive salary, benefits, and remote working within our impactful, mission-driven culture.

Links to more information on Prolific

Benefits

External Handbook

Website

Youtube

Privacy Statement

By submitting your application, you agree that Prolific may collect your personal data for recruiting and global organisation planning. Prolific’s Candidate Privacy Notice explains what personal information Prolific may process, where Prolific may process your personal information, its purposes for processing your personal information, and the rights you can exercise over Prolific use of your personal information.

Read the full description
Security Senior Cyber Threat Analyst

Analyzes cyber threats, identifies vulnerabilities, and develops security strategies to protect organizational systems and data.

Senior Posted 8 days ago Himalayas
What this role involves
Position DescriptionValiant Solutions is seeking a Senior Cyber Threat Analyst to join our rapidly growing and innovative cybersecurity team!
Read the full description
Security Principal Security Field Engineer at Databricks

Principal Security Field Engineer who meets with customers to solve security and compliance questions, creates technical content, and builds scalable enablement resources for Databricks' data platform.

Senior Remote Posted 9 days ago RemoteFirstJobs Product
What this role involves

RDQ327R177

While candidates in the listed location(s) are encouraged for this role, candidates in other US locations will be considered.

The Security Field Engineering team helps data teams solve the world’s toughest problems by empowering customers to understand the security of the Databricks platform and by helping account teams address questions that come up during security reviews. Reporting to the Head of Security Field Engineering, you will meet with customers to answer questions, train other Databricks team members, build customer-facing content such as slide decks, white papers, and maybe write code that customers can use. Our team prioritizes scale – we’d rather spend an hour building a doc than be in ten hours of meetings, rather deliver agent skills and knowledge base articles than be the rock star answering all the questions. If you want high growth, autonomy, and to touch all elements of security, look no further.

The impact you will have:

  • You will be viewed as a security expert as you work with field teams and customers to understand architectures, address concerns and handle compliance questions
  • Your contributions may come in multiple ways, including customer interactions, scalable slides or white paper creation, internal enablement, process improvement, automation, or technical leadership—no one excels in every area, but all are valuable
  • When you’re on the call, you will be directly appreciated. When you’re not, your impact will be felt across the company through the enablement, collateral, knowledge management, and systems you build
  • You might not come from an assurance team, but you’ll come up to speed with common security and compliance regimes to save customers hours of effort and months of uncertainty
  • You will identify customer pain points and work with product management and product marketing will improve our product and our messaging
  • You will contribute to internal-facing services and automation that make life easier for our field staff and our customers.
  • You are probably already great at AI productivity, but you’ll sit in a group focused on becoming legendary.

What we look for:

  • 5+ years of technical pre-sales or post-sales experience where you’re the person in the room explaining the hard concepts
  • Equal love of understanding complex security principles and architectures, and of communicating them simply
  • Real-world experience in multiple security domains such as IaaS+PaaS+SaaS, network and endpoint security, web applications, vulnerability management, identity management, and SIEM, though not all are needed
  • You’ve done some scripting or programming, and are excited to use AI relentlessly to scale our impact across many thousands of customers and employees.
  • Understanding of the Databricks platform is a strong plus.

Pay Range Transparency

Databricks is committed to fair and equitable compensation practices. The pay range(s) for this role is listed below and represents the expected base salary range for non-commissionable roles or on-target earnings for commissionable roles.  Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to job-related skills, depth of experience, relevant certifications and training, and specific work location. Based on the factors above, Databricks anticipated utilizing the full width of the range. The total compensation package for this position may also include eligibility for annual performance bonus, equity, and the benefits listed above. For more information regarding which range your location is in visit our page here.

Zone 1 Pay Range

$270,300—$371,700 USD

Zone 2 Pay Range

$243,300—$334,500 USD

Zone 3 Pay Range

$229,800—$315,900 USD

Zone 4 Pay Range

$216,200—$297,350 USD

About Databricks

Databricks is the data and AI company. More than 10,000 organizations worldwide — including Comcast, Condé Nast, Grammarly, and over 50% of the Fortune 500 — rely on the Databricks Data Intelligence Platform to unify and democratize data, analytics and AI. Databricks is headquartered in San Francisco, with offices around the globe and was founded by the original creators of Lakehouse, Apache Spark™, Delta Lake and MLflow. To learn more, follow Databricks on Twitter, LinkedIn and Facebook.

BenefitsAt Databricks, we strive to provide comprehensive benefits and perks that meet the needs of all of our employees. For specific details on the benefits offered in your region click here.

Our Commitment to Diversity and Inclusion

At Databricks, we are committed to fostering a diverse and inclusive culture where everyone can excel. We take great care to ensure that our hiring practices are inclusive and meet equal employment opportunity standards. Individuals looking for employment at Databricks are considered without regard to age, color, disability, ethnicity, family or marital status, gender identity or expression, language, national origin, physical and mental ability, political affiliation, race, religion, sexual orientation, socio-economic status, veteran status, and other protected characteristics.

Compliance

If access to export-controlled technology or source code is required for performance of job duties, it is within Employer’s discretion whether to apply for a U.S. government license for such positions, and Employer may decline to proceed with an applicant on this basis alone.

Read the full description
Security Senior Security Automation Engineer at ClickHouse Japan

Design and build security automation infrastructure, provisioning engines, and compliance integrations to scale security operations and eliminate manual audit work.

Senior Posted 9 days ago RemoteFirstJobs Product
What this role involves

About ClickHouse

Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads.

The company’s sustained, accelerating momentum was recently validated by a $400M Series D financing round. Over the past three months, customers including Capital One, Lovable, Decagon, Polymarket, and Airwallex have adopted the platform or expanded existing deployments. These customers join an established base of AI innovators and global brands such as Meta, Cursor, Sony, and Tesla.

We’re on a mission to transform how companies use data. Come be a part of our journey!

The Security organization at ClickHouse is built around a single mission: build customer trust through resilient, pragmatic security. We are establishing a new, centralized Security Automation capability—a dedicated function responsible for delivering automation work across all product lines and engineering dimensions at ClickHouse, acting as a technical force multiplier for our Security, Identity, and GRC functions.

This capability exists to solve a real problem: as we scale and mature, we must move beyond manual evidence gathering, point-in-time audits, and disconnected identity workflows. We are creating a focused, empowered team that owns security and identity automation end-to-end—from architecture and design through to implementation and delivery.

About the role

We are looking for an experienced Senior Security Automation Engineer to build the underlying automation fabric that allows our Security teams to scale. You will build a Universal Provisioning Engine and custom integration layers that satisfy external auditors while keeping internal teams focused on shipping features.

You will eliminate the engineering “interruption tax,” provide leadership with a real-time, data-driven view of our risk posture, and ensure continuous compliance with zero audit surprises. By solving the “Last-Mile Gap” in identity provisioning and extending compliance tools into our proprietary applications, you will ensure our most critical controls are continuously validated with programmatic precision.

What you will do:

Build the Security Telemetry and Risk Fabric

  • Control Design: Translate control frameworks into layered control implementations that prevent risks from being exploited and detect possible weaknesses within control design. Shift from reactive monitoring to self-healing security, preventing compliance drift before it becomes an audit finding.
  • Security Telemetry: Engineer a centralized security telemetry system that programmatically captures control evidence and health in real-time, transitioning from manual snapshots to continuous data streams for an ‘always-on’ view of our security posture.
  • Custom Assurance Logic: Engineer specialized automation that acts as its own continuous audit function to minimize findings and provide real-time insights into our automated control performance. Extend visibility into our proprietary applications and complex internal workflows, ensuring our most critical controls are continuously validated.
  • Agentic Risk Engine: Partner with our risk management function to build a secure mechanism to generate agentic risk assessments workflows using the data and results from what is collected.

Architect Universal Identity and Access Automation

  • Universal Provisioning Connectors: Architect solutions for systems that lack native IGA support (proprietary databases, custom apps, and niche SaaS) to ensure instant account creation and de-provisioning—eliminating tickets, wait-times, and providing maximum observability into the state of Clickhouse identities.
  • Customer-Approved Access Workflows: Architect the complex, high-trust workflows required for support teams to access customer-specific instances, ensuring actions are customer-approved, strictly time-bound, and automatically revoked via a “Trust-by-Design” model.
  • Centralized Security Visibility: Transition “hidden” access managed by disparate business units into a single, observable permissions inventory, gaining 100% visibility into permissions at the authZ level across our full suite of applications.
  • Automated Secret Discovery & Inventory: Develop automation to continuously discover and inventory secrets, credentials, and API keys throughout the environment, providing aging and rotation intervals for long lived keys.
  • Eliminate “Ghost Accounts”: Mitigate audit risks by ensuring automated de-provisioning for local identities, API keys, and persistent permissions across all target systems.

Partner Across Security, Engineering and Product

  • Work in tandem with GRC, Finance, and Security to build custom, bulletproof automation for compliance with different audit frameworks.
  • Eliminate the “Productivity Anchor” by removing manual provisioning workflows that slow down projects and flood teams with low-value administrative tickets.

What you bring along:

Security & Automation Engineering Depth

  • Strong hands-on background in security automation and identity engineering (IAM/IGA).
  • Strong proficiency in at least one commonly used programming language to build scalable automation. Experience with Python, JavaScript (TypeScript highly preferred), or Go is required.
  • Experience building scalable and reliable automation ecosystems
  • Familiarity with compliance automation, continuous control monitoring, and extending GRC tools to meet the granular requirements of a variety of compliance frameworks.
  • Understanding of risks associated with change management, logical access, and data integrity.

Execution and Delivery

  • Demonstrated ability to translate complex security/GRC mandates into automated workflows and self-healing technical guardrails.
  • Strong instincts for eliminating operational friction and the engineering “interruption tax.”
  • Experience delivering continuous data streams for security posture and risk validation.

Bonus Points:

  • BS, MS, or PhD in Computer Science or related field.
  • Previous experience at a cloud infrastructure, database, or developer tools company.
  • Experience with AI/Agentic risk engines and non-deterministic risk assessments.

The typical starting salary for this role in the US is

$125,000—$174,000 USD

The typical starting salary for this role in US Premium Markets is

$157,000—$205,000 USD

Compensation

For roles based in the United States, the typical starting salary range for this position is listed above. In certain locations, such as the San Francisco Bay Area and the New York City Metro Area, a premium market range may apply, as listed.

These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments.

An individual’s placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization.

If you have any questions or comments about compensation as a candidate, please get in touch with us at paytransparency@clickhouse.com.

Perks

  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in over 20 countries.
  • Healthcare - Employer contributions towards your healthcare.
  • Equity in the company - Every new team member who joins our company receives stock options.
  • Time off - Flexible time off in the US, generous entitlement in other countries.
  • A $500 Home office setup if you’re a remote employee.
  • Global Gatherings– We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.

Culture - We All Shape It

As part of a rapidly scaling start up, you will be instrumental in shaping our culture.

Are you interested in finding out more about our culture?  Learn more about our values here.  Check out our blog posts or follow us on LinkedIn to find out more about what’s happening at ClickHouse.

Equal Opportunity & Privacy

ClickHouse provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type based on factors such as race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Please see here for our Privacy Statement.

Read the full description
Security Senior Security Automation Engineer at ClickHouse Japan

Designs and builds security automation infrastructure, provisioning engines, and compliance controls that enable security teams to scale operations and reduce manual audit work.

Senior Posted 9 days ago RemoteFirstJobs Product
What this role involves

About ClickHouse

Recognized on the 2025 Forbes Cloud 100 list, ClickHouse is one of the most innovative and fast-growing private cloud companies. With more than 3,000 customers and ARR that has grown over 250 percent year over year, ClickHouse leads the market in real-time analytics, data warehousing, observability, and AI workloads.

The company’s sustained, accelerating momentum was recently validated by a $400M Series D financing round. Over the past three months, customers including Capital One, Lovable, Decagon, Polymarket, and Airwallex have adopted the platform or expanded existing deployments. These customers join an established base of AI innovators and global brands such as Meta, Cursor, Sony, and Tesla.

We’re on a mission to transform how companies use data. Come be a part of our journey!

The Security organization at ClickHouse is built around a single mission: build customer trust through resilient, pragmatic security. We are establishing a new, centralized Security Automation capability—a dedicated function responsible for delivering automation work across all product lines and engineering dimensions at ClickHouse, acting as a technical force multiplier for our Security, Identity, and GRC functions.

This capability exists to solve a real problem: as we scale and mature, we must move beyond manual evidence gathering, point-in-time audits, and disconnected identity workflows. We are creating a focused, empowered team that owns security and identity automation end-to-end—from architecture and design through to implementation and delivery.

About the role

We are looking for an experienced Senior Security Automation Engineer to build the underlying automation fabric that allows our Security teams to scale. You will build a Universal Provisioning Engine and custom integration layers that satisfy external auditors while keeping internal teams focused on shipping features.

You will eliminate the engineering “interruption tax,” provide leadership with a real-time, data-driven view of our risk posture, and ensure continuous compliance with zero audit surprises. By solving the “Last-Mile Gap” in identity provisioning and extending compliance tools into our proprietary applications, you will ensure our most critical controls are continuously validated with programmatic precision.

What you will do:

Build the Security Telemetry and Risk Fabric

  • Control Design: Translate control frameworks into layered control implementations that prevent risks from being exploited and detect possible weaknesses within control design. Shift from reactive monitoring to self-healing security, preventing compliance drift before it becomes an audit finding.
  • Security Telemetry: Engineer a centralized security telemetry system that programmatically captures control evidence and health in real-time, transitioning from manual snapshots to continuous data streams for an ‘always-on’ view of our security posture.
  • Custom Assurance Logic: Engineer specialized automation that acts as its own continuous audit function to minimize findings and provide real-time insights into our automated control performance. Extend visibility into our proprietary applications and complex internal workflows, ensuring our most critical controls are continuously validated.
  • Agentic Risk Engine: Partner with our risk management function to build a secure mechanism to generate agentic risk assessments workflows using the data and results from what is collected.

Architect Universal Identity and Access Automation

  • Universal Provisioning Connectors: Architect solutions for systems that lack native IGA support (proprietary databases, custom apps, and niche SaaS) to ensure instant account creation and de-provisioning—eliminating tickets, wait-times, and providing maximum observability into the state of Clickhouse identities.
  • Customer-Approved Access Workflows: Architect the complex, high-trust workflows required for support teams to access customer-specific instances, ensuring actions are customer-approved, strictly time-bound, and automatically revoked via a “Trust-by-Design” model.
  • Centralized Security Visibility: Transition “hidden” access managed by disparate business units into a single, observable permissions inventory, gaining 100% visibility into permissions at the authZ level across our full suite of applications.
  • Automated Secret Discovery & Inventory: Develop automation to continuously discover and inventory secrets, credentials, and API keys throughout the environment, providing aging and rotation intervals for long lived keys.
  • Eliminate “Ghost Accounts”: Mitigate audit risks by ensuring automated de-provisioning for local identities, API keys, and persistent permissions across all target systems.

Partner Across Security, Engineering and Product

  • Work in tandem with GRC, Finance, and Security to build custom, bulletproof automation for compliance with different audit frameworks.
  • Eliminate the “Productivity Anchor” by removing manual provisioning workflows that slow down projects and flood teams with low-value administrative tickets.

What you bring along:

Security & Automation Engineering Depth

  • Strong hands-on background in security automation and identity engineering (IAM/IGA).
  • Strong proficiency in at least one commonly used programming language to build scalable automation. Experience with Python, JavaScript (TypeScript highly preferred), or Go is required.
  • Experience building scalable and reliable automation ecosystems
  • Familiarity with compliance automation, continuous control monitoring, and extending GRC tools to meet the granular requirements of a variety of compliance frameworks.
  • Understanding of risks associated with change management, logical access, and data integrity.

Execution and Delivery

  • Demonstrated ability to translate complex security/GRC mandates into automated workflows and self-healing technical guardrails.
  • Strong instincts for eliminating operational friction and the engineering “interruption tax.”
  • Experience delivering continuous data streams for security posture and risk validation.

Bonus Points:

  • BS, MS, or PhD in Computer Science or related field.
  • Previous experience at a cloud infrastructure, database, or developer tools company.
  • Experience with AI/Agentic risk engines and non-deterministic risk assessments.

The typical starting salary for this role in the US is

$125,000—$174,000 USD

The typical starting salary for this role in US Premium Markets is

$157,000—$205,000 USD

Compensation

For roles based in the United States, the typical starting salary range for this position is listed above. In certain locations, such as the San Francisco Bay Area and the New York City Metro Area, a premium market range may apply, as listed.

These salary ranges reflect what we reasonably and in good faith believe to be the minimum and maximum pay for this role at the time of posting. The actual compensation may be higher or lower than the amounts listed, and the ranges may be subject to future adjustments.

An individual’s placement within the range will depend on various factors, including (but not limited to) education, qualifications, certifications, experience, skills, location, performance, and the needs of the business or organization.

If you have any questions or comments about compensation as a candidate, please get in touch with us at paytransparency@clickhouse.com.

Perks

  • Flexible work environment - ClickHouse is a globally distributed company and remote-friendly. We currently operate in over 20 countries.
  • Healthcare - Employer contributions towards your healthcare.
  • Equity in the company - Every new team member who joins our company receives stock options.
  • Time off - Flexible time off in the US, generous entitlement in other countries.
  • A $500 Home office setup if you’re a remote employee.
  • Global Gatherings– We believe in the power of in-person connection and offer opportunities to engage with colleagues at company-wide offsites.

Culture - We All Shape It

As part of a rapidly scaling start up, you will be instrumental in shaping our culture.

Are you interested in finding out more about our culture?  Learn more about our values here.  Check out our blog posts or follow us on LinkedIn to find out more about what’s happening at ClickHouse.

Equal Opportunity & Privacy

ClickHouse provides equal employment opportunities to all employees and applicants and prohibits discrimination and harassment of any type based on factors such as race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws.

Please see here for our Privacy Statement.

Read the full description