Information security analyst jobs in California - 1,058 jobs

Lambda, The Superintelligence Cloud, is a leader in AI cloud infrastructure serving tens of thousands of customers. Our customers range from AI researchers to enterprises and hyperscalers. Lambda's mission is to make compute as ubiquitous as electricity and give everyone the power of superintelligence. One person, one GPU. If you'd like to build the world's best AI cloud, join us. Note: This position requires presence in our San Francisco or San Jose office location 4 days per week; Lambda's designated work from home day is currently Tuesday. What You'll Do Validate and verify the organization's security controls and practices meet the requirements of ISO 27001, 27701, PCI, SOC 2 and other relevant regulatory requirements to ensure alignment to business objectives Manage IT Risk Register including risk identification, tracking, and prioritization. Assist with and drive remediation of control deficiencies and gaps Provide guidance to Control Owners in the planning, design, implementation, operation, maintenance & remediation of control activities and other supporting requirements (e.g. policies, standards, processes, system configurations, etc.) Communicate with technical and non-technical stakeholders and leaders on cybersecurity risk and controls management topics and program-specific reporting Assist with the Customer Trust program which may include managing customer assessments, and security questionnaires Assist control owners with root cause analysis and track risk management action plan progress. Create risk metrics for management regarding information security control maturity, compliance status, risks, performance and findings Assist with the third-party risk management assessment process, ensuring consistent enforcement of information security requirements You Have a minimum of 8 years of experience supporting cybersecurity risk or controls management programs with in-depth knowledge and experience of cybersecurity frameworks including ISO 27001 and 27701, PCI-DSS, SOC, NIST CSF and other regulatory requirements Have experience managing and running audits, certification programs and control assessments. This includes but is not limited to scope planning, defining control procedures based on requirements, policies and standards, control testing, and mapping issues to risks Have experience collaborating closely with engineers, business teams, and security partners, including incident response, red teams, and architects to seamlessly incorporate cybersecurity controls and risk management processes into their day-to-day operations Possess a strong ability to define, drive and execute a program vision, strategy, approach and milestones in alignment with organization priorities and initiatives Nice to Have Experience in the machine learning or computer hardware industry Experience with Security by Design and/or Privacy by Design principles Experience with standard cyber controls frameworks, including CIS Top18, NIST Cyber Security Framework (CSF), NIST 800.53, NIST 800.171, CMMC, Cybersecurity Maturity Model Certification (CMMC), ISO 27001 and 27701, and SOX ITGC control frameworks. Broad knowledge of IT infrastructure and architecture of computer systems as well as exposure to a variety of platforms such as operating systems, networks, databases, and ERP systems Familiarity with using third‑party tools such as Audit Board, Whistic, RSA Archer, ServiceNow for third‑party risk management Certified Information Systems Auditor (CISA) Certified Information Security Manager (CISM) Certified Information Systems Security Professional (CISSP) Certified in Risk and Information Systems Control (CRISC) Experience in the AI infrastructure, machine learning and/or computer hardware industry Salary Range Information The annual salary range for this position has been set based on market data and other factors. However, a salary higher or lower than this range may be appropriate for a candidate whose qualifications differ meaningfully from those listed in the job description. About Lambda Founded in 2012, with 500+ employees, and growing fast Our investors notably include TWG Global, US Innovative Technology Fund (USIT), Andra Capital, SGW, Andrej Karpathy, ARK Invest, Fincadia Advisors, G Squared, In‑Q‑Tel (IQT), KHK & Partners, NVIDIA, Pegatron, Supermicro, Wistron, Wiwynn, Gradient Ventures, Mercato Partners, SVB, 1517, and Crescent Cove We have research papers accepted at top machine learning and graphics conferences, including NeurIPS, ICCV, SIGGRAPH, and TOG Our values are publicly available: ************************* We offer generous cash & equity compensation Health, dental, and vision coverage for you and your dependents Wellness and commuter stipends for select roles 401k Plan with 2% company match (USA employees) Flexible paid time off plan that we all actually use A Final Note: You do not need to match all of the listed expectations to apply for this position. We are committed to building a team with a variety of backgrounds, experiences, and skills. Equal Opportunity Employer Lambda is an Equal Opportunity employer. Applicants are considered without regard to race, color, religion, creed, national origin, age, sex, gender, marital status, sexual orientation and identity, genetic information, veteran status, citizenship, or any other factors prohibited by local, state, or federal law. #J-18808-Ljbffr

Swiftly is on a mission to help cities move more efficiently. We are the leading transit data platform for agencies to share real‑time passenger information, manage day‑to‑day operations, and improve service performance. Today, over 180 transit agencies in 12 countries - including LA Metro, MARTA, SEPTA, and MBTA - rely on Swiftly to improve on‑time performance by up to 40% and increase passenger information accuracy by up to 50%. The result is better service reliability, increased ridership, and more efficient transit operations. Even though Swiftly's HQ office is located in San Francisco, CA, we are open to candidates in most locations across the U.S. as well as Ontario and British Columbia, Canada. At this time we are unable to provide Visa sponsorship. Engineering at Swiftly Engineering at Swiftly is not only about writing code - we believe in creating empowered product teams that work together to conceptualize new features and bring them to life. Each team aims to strike a balance between delivering incremental improvements, creating prototypes to test new ideas and mitigate risks, and building scalable software using industry best practices. We're guided by a mission to positively impact transit riders, and we embrace humility and intentionality in how we make technical decisions so that we best meet our customers' needs. About the Role We're looking for a Lead Security Engineer to join our Platform team and mature Swiftly's security posture. We believe excellent security isn't just about tools and controls; it's about empowering product, infrastructure, and corporate IT teams across our organization to make secure decisions every day. In this role, you'll partner closely with engineering, product, and go‑to‑market teams to design secure solutions, build DevSecOps tooling, and drive our compliance roadmap. You'll balance strategic initiatives with hands‑on work in our cloud‑native environment. We're looking for someone equally comfortable working on codebases and leading cross‑functional initiatives, a force multiplier who can train teams, represent security to customers and executives, and make security a natural part of how Swiftly ships products. We use AI tools for scheduling and summarization in our hiring process. We do not use AI tools to make decisions about who moves forward or to assess the strength of candidates. Every application is reviewed and all hiring decisions are made by Swiftly team members. This is an active, open role that we are currently hiring for at Swiftly. What You'll Do Make Swiftly Secure Own Swiftly's security risk register and threat models; identify, prioritize, and drive remediation of risks across application and infrastructure. Design secure architectures for our SaaS platform, mobile applications, and IOT/Hardware Integration, focusing on authentication, authorization, data protection, and network boundaries. Recommend, implement, and manage security tools end‑to‑end. Build DevSecOps guardrails into CI/CD so vulnerabilities, misconfigurations, and license issues surface early. Conduct internal security assessments and coordinate engagements with external penetration testers. Own security policies and standards; ensure they're practical, adopted, and measurable. Define standards for secure adoption of AI coding assistants, building reusable patterns, custom configurations, and guardrails that help developers move fast safely. Compliance & Customer Trust Lead renewals and continuous readiness for existing certifications like SOC 2. Proactively identify security frameworks required for international expansion; scope cost, level of effort, and timelines to inform market entry decisions; and lead execution of new certifications. Respond to customer security and compliance inquiries and support product marketing with security content. Incident Response & Detection Design and maintain security incident response plans, playbooks, and escalation paths. Serve as an escalation point for security incidents; lead triage, root cause analysis, and remediation. Security Leadership Define and maintain security KPIs and dashboards for executive and board reporting. Give teams visibility into their security posture and coach them to improve. Influence roadmap prioritization to ensure security and compliance are first‑class concerns. Mentor engineers in secure design and help grow a security‑aware culture across Swiftly by delivering security training and office hours for developers and other stakeholders. Drive corporate IT security strategy, including endpoint hardening, email security, IAM standards, and periodic access reviews. What will set you up for success 5+ years of experience in security engineering with both strategic and hands‑on work. Strong experience securing cloud‑native environments (AWS preferred), including IAM, networking, logging/monitoring, and secrets management. Hands‑on experience with infrastructure‑as‑code (Terraform) and policy‑as‑code frameworks (OPA, Sentinel, or similar). Background building security into CI/CD pipelines and development workflows. Familiarity with container and orchestration security. Excellent threat modeling and risk assessment skills; able to translate complex risks into clear options and tradeoffs. Experience with compliance frameworks (SOC 2 preferred) and audit processes. Strong communication skills; comfortable working across technical and non‑technical teams. Self‑directed and comfortable operating with autonomy. Nice to Haves Relevant certifications (CISSP, cloud security certifications). Experience advising on security for AI/ML or LLM‑powered features. Mobile application security experience (Android preferred). Experience with GRC and compliance platforms. Background in application security or penetration testing. Experience with international compliance frameworks. Familiarity with regulated industries or public sector requirements. Experience with physical device security (IoT, embedded systems, or field‑deployed hardware). Experience with Mobile Device Management (MDM) solutions for enterprise or fleet deployments. Pay Range In accordance with pay transparency laws, please see the approximate salary ranges below. These ranges represents the anticipated low and high end of the salary for this position. Actual salaries will vary and are based on a multitude of non‑discriminatory factors including final role leveling decisions, a candidate's relevant work experiences/skills, and geographic location. Salary is one component of Swiftly's total compensation package, which also includes stock options, competitive benefits, 401(k)/RRSP matching, a fantastic team and culture, opportunity to have a huge impact, emphasis on professional growth and holistic wellness, and other perks. US Salary Range: $140,000 - 200,000 Canadian Salary Range: $165,000 - 200,000 Beyond the Skills We are looking for candidates who are passionate about mobility, sustainability, or mission‑oriented projects that have a significant real‑world impact. Ideal candidates encompass the core values of our company: Team. Together, we are more effective and better supported. Impact. Drive impact for our customers, our company, and all of our teams. Diversity. See differing perspectives as ways to address our weaknesses and find new strengths. Communication. Assume others internally and externally have good intentions. Feedback. We share feedback because we want each other to grow professionally and personally. Growth. Foster personal, professional, and company growth. Benefits Competitive salary Equity compensation (company ownership) for every employee Medical, Dental and Vision Retirement with Employer Match Flexible Spending Account (FSA) Home office setup reimbursement Monthly cell/internet reimbursement Monthly "Be Well" stipend Flexible PTO with a recommended minimum Flexible work environment 16 paid holidays - including months without U.S. national holidays 8 fully paid weeks of leave for childbirth/adoption Travel note Swiftly employees can generally expect to travel 1-2 times a year for in‑person company or team offsites. As a fully distributed company, we consider these offsites important for cultivating strong relationships across our teams! Attending these in‑person is expected and encouraged, although we understand everyone has different personal circumstances and we will consider requests for exceptions. Customer‑facing team members and other specific roles may be expected to travel more frequently. Equal Opportunity Statement We are an equal opportunity employer - we are committed to a workplace that is as dynamic, diverse, and passionate as the communities we serve. #J-18808-Ljbffr

Security is at the foundation of OpenAI's mission to ensure that artificial general intelligence benefits all of humanity. The Security team protects OpenAI's technology, people, and products. We are technical in what we build but are operational in how we do our work, and are committed to supporting all products and research at OpenAI. Our Security team tenets include: prioritizing for impact, enabling researchers, preparing for future transformative technologies, and engaging a robust security culture. About the Role We're seeking an exceptional Principal-level Offensive Security Engineer to challenge and strengthen OpenAI's security posture. This role isn't your typical red team job - it's an opportunity to engage broadly and deeply, craft innovative attack simulations, collaborate closely with defensive teams, and influence strategic security improvements across the organization. You have the chance to not only find vulnerabilities but actively drive their resolution, automate offensive techniques with cutting-edge technologies, and use your unique attacker perspective to shape our security strategy. This role will be primarily focused on continuously testing our hardware products and related services. In this role you will: Collaborate proactively with engineering teams to enhance security and mitigate risks in hardware, firmware, and software. Perform comprehensive penetration testing on our diverse suite of products. Leverage advanced automation and OpenAI technologies to optimize your offensive security work. Present insightful, actionable findings clearly and compellingly to inspire impactful change. Influence security strategy by providing attacker-driven insights into risk and threat modeling. You might thrive in this role if you have: 7+ years of hands‑on experience or exceptional accomplishments demonstrating equivalent expertise. Exceptional skill in code review, identifying novel and subtle vulnerabilities. Demonstrated mastery assessing complex technology stacks, including: Proven ability to reverse engineer bootrom images, firmware, or silicon‑level components. Deep familiarity with low‑level kernel operations, secure boot processes, and hardware‑software interactions. Hands‑on experience building and validating secure boot chains and threat models. Proficiency with hardware debugging tools (UART, JTAG, SWD, oscilloscopes, logic analyzers). Solid programming skills in C/C++, Python, or assembly for embedded systems. Industry experience securing consumer hardware (e.g., mobile devices, IoT, chipsets). Excellent written and verbal communication skills for technical and non‑technical audiences. Strong intuitive understanding of trust boundaries and risk assessment in dynamic contexts. Excellent coding skills, capable of writing robust tools and automation for offensive operations. Ability to communicate complex technical concepts effectively through compelling storytelling. Proven track record of not just finding vulnerabilities but actively contributing to solutions in complex codebases. Prior experience working in tech startups or fast‑paced technology environments. Experience in related disciplines such as Software Engineering (SWE), Detection Engineering, Site Reliability Engineering (SRE), Security Engineering, or IT Infrastructure. About OpenAI OpenAI is an AI research and deployment company dedicated to ensuring that general‑purpose artificial intelligence benefits all of humanity. We push the boundaries of the capabilities of AI systems and seek to safely deploy them to the world through our products. AI is an extremely powerful tool that must be created with safety and human needs at its core, and to achieve our mission, we must encompass and value the many different perspectives, voices, and experiences that form the full spectrum of humanity. We are an equal opportunity employer, and we do not discriminate on the basis of race, religion, color, national origin, sex, sexual orientation, age, veteran status, disability, genetic information, or other applicable legally protected characteristic. Qualified applicants with arrest or conviction records will be considered for employment in accordance with applicable law, including the San Francisco Fair Chance Ordinance, the Los Angeles County Fair Chance Ordinance for Employers, and the California Fair Chance Act. For unincorporated Los Angeles County workers: we reasonably believe that criminal history may have a direct, adverse and negative relationship with the following job duties, potentially resulting in the withdrawal of a conditional offer of employment: protect computer hardware entrusted to you from theft, loss or damage; return all computer hardware in your possession (including the data contained therein) upon termination of employment or end of assignment; and maintain the confidentiality of proprietary, confidential, and non‑public information. In addition, job duties require access to secure and protected information technology systems and related data security obligations. To notify OpenAI that you believe this job posting is non‑compliant, please submit a report through this form . No response will be provided to inquiries unrelated to job posting compliance. We are committed to providing reasonable accommodations to applicants with disabilities, and requests can be made via this link. At OpenAI, we believe artificial intelligence has the potential to help people solve immense global challenges, and we want the upside of AI to be widely shared. Join us in shaping the future of technology. #J-18808-Ljbffr

A leading data protection firm is seeking a Machine Learning Engineer to develop GenAI architectures and secure AI workflows. Ideal candidates should hold a PhD or MS in Computer Science and possess 2+ years of relevant experience. Key responsibilities include developing and testing machine learning models, conducting experiments, and collaborating within a team. The role offers competitive compensation along with benefits including health, PTO, and 401K options. #J-18808-Ljbffr

A leading crypto platform is seeking a Senior IAM Security Engineer to secure identity and access management systems. The role involves developing IAM services, collaborating with engineering teams, and ensuring secure authentication patterns. Candidates should have solid software development skills in Python or Go, experience with PKI and secrets management, and a strong understanding of identity protocols. This position offers a competitive salary and a hybrid work approach, with office presence required twice a week in San Francisco or New York City. #J-18808-Ljbffr

A leading technology firm in Palo Alto is seeking a knowledgeable security expert to oversee day-to-day threat management and improve incident responses. The ideal candidate has 2+ years of experience in information security and strong Python scripting skills. You will work on enhancing security monitoring and collaborate with various teams to handle security incidents effectively. This role comes with a competitive salary range and comprehensive benefits including equity, medical coverage, and a 401(k) plan. #J-18808-Ljbffr

Loft Orbital is revolutionizing access to space by building reliable, shareable satellites that drastically reduce the time and complexity traditionally required to get to orbit. We operate satellites, fly customer payloads, and handle entire missions from end‑to‑end. Our team of space enthusiasts, software experts, and cutting‑edge technologists work together to make space simple for our customers. As a Senior Security Engineer on our Security and Compliance Team, you will ensure that our highly automated, containerized, and globally distributed infrastructure remains secure throughout its lifecycle, from architecture to incident response. You will be at the heart of our DevSecOps efforts, collaborating directly with infrastructure, software, product, and solution teams to scale Loft's security maturity while embracing our startup agility and culture. This hands‑on, deeply collaborative role offers broad scope, rapid growth opportunities, and a chance to contribute to space missions. About the Role Champion DevSecOps best practices by designing and implementing security controls directly into CI/CD pipelines (e.g., GitLab CI). Lead and automate application and infrastructure security assessments, including threat modeling and code review. Partner with developers and SREs to identify, remediate, and prevent vulnerabilities through secure design and practical guidance. Design, build, and maintain secure architecture patterns for containerized, cloud‑native, and distributed workloads. Develop and maintain automated security tooling, such as container image scanning, IaC validation, and policy‑as‑code. Collaborate on automated security tooling for container image scanning, IaC validation, and RBAC compliance. Support incident response workflows, including detection, forensics, root cause analysis, and post‑mortems. Provide technical mentorship and real‑time enablement to help teams adopt a "secure‑by‑default" mindset. Contribute to internal security tools and automation using Python, Go, or other modern languages. Continuously improve how we measure and scale security across our SRE and infrastructure platforms. Must Have Deep experience with cloud security in AWS, Azure, or GCP environments. Strong knowledge of container and Kubernetes security in production environments. Proficiency in at least one modern programming language (e.g., Python, Go, C++). Hands‑on experience with zero‑trust architecture, service mesh, and software‑defined networking. Solid understanding of DevSecOps pipelines, IaC tools, and secure build processes. Hands‑on experience with vulnerability scanning, SAST/DAST tools, and automated security testing. Proven success in fast‑paced, highly collaborative environments, ideally at a startup or scale‑up. Comfortable working closely with developers and SREs in an enablement‑first security culture. Clear, concise communication and documentation skills. Ability to thrive in a multicultural, globally distributed engineering team. Master's degree in Computer Science or a similar field. Nice to Have Practical experience with policy‑as‑code (OPA, Sentinel, etc.). Understanding of software‑defined networking and security policy enforcement in mesh environments. Familiarity with modern SRE practices, observability, and resilience engineering. Contributions to open‑source security tools or frameworks. Interest or experience in space operations or aerospace systems. Benefits 100% company‑paid medical, dental, and vision insurance for employees and dependents. Flexible Spending (FSA) and Health Savings (HSA) accounts with an employer contribution to the HSA. 100% employer paid Life, AD&D, Short‑Term, and Long‑Term Disability insurance. Flexible time‑off policy for vacation and sick leave, and 12 paid holidays. 401(k) plan and equity options. Daily catered lunches and office snacks. International exposure to our team in France. Fully paid parental leave; 14 weeks for birthing parent and 10 weeks for non‑birthing parent. Carrot Fertility provides comprehensive, inclusive fertility healthcare and family‑forming benefits with financial support. Off‑sites and many social events and celebrations. Relocation assistance when applicable. Compensation Salary range: $140,250 - $190,000 per year. The range is intentional and reflects differences in experience, knowledge, skills, and abilities. EEO Statement Research shows that while men apply to jobs where they meet an average of 60% of the criteria, women and other underrepresented people tend to only apply when they meet 100% of the qualifications. At Loft, we value respectful debate and people who aren't afraid to challenge assumptions. We strongly encourage you to apply, even if you don't check all the boxes. Who We Are Loft: Space Made Simple. Founded in 2017, Loft provides governments, companies, and research institutions with a quick, reliable, and flexible way to launch missions in orbit. We integrate, launch, and operate spacecraft, offering end‑to‑end missions as a service across Earth observation, IoT connectivity, in‑orbit demonstrations, national security missions, and more. With more than 25 missions flown, Loft's proven technology enables customers to focus on their mission objectives. With four satellites on‑orbit and a wave of exciting missions launching soon, we are scaling up across San Francisco, CO and Toulouse, France. The team is international, so strong English skills are required for collaboration. Please mention the word UNREAL in your application to show that you have read the job post completely. #J-18808-Ljbffr

Loft Orbital is revolutionizing access to space by building reliable, shareable satellites that drastically reduce the time and complexity traditionally required to get to orbit. We operate satellites, fly customer payloads, and handle entire missions from end‑to‑end. We're a close‑knitted team of space enthusiasts, software experts, and cutting‑edge technologists, all working together to make space simple for our customers. As a Senior Security Engineer on our Security and Compliance Team, your mission will be to ensure that our highly automated, containerized, and globally distributed infrastructure remains secure throughout its lifecycle, from architecture to incident response. You'll be at the heart of our DevSecOps efforts, collaborating directly with infrastructure, software, product, and solution teams to scale Loft's security maturity while embracing our startup agility and culture. This is a hands‑on, deeply collaborative role, offering broad scope, rapid growth opportunities, and yes, a chance to contribute to space missions. About the Role: Champion DevSecOps best practices by designing and implementing security controls directly into our CI/CD pipelines (e.g., GitLab CI). Lead and automate application and infrastructure security assessments, including threat modeling and code review. Partner with developers and SREs to identify, remediate, and prevent vulnerabilities through secure design and practical guidance. Design, build, and maintain secure architecture patterns for containerized, cloud‑native, and distributed workloads. Develop and maintain automated security tooling, such as container image scanning, IaC validation, and policy‑as‑code. Collaborate on automated security tooling for container image scanning, IaC validation, and RBAC compliance. Support incident response workflows, including detection, forensics, root cause analysis, and post‑mortems. Provide technical mentorship and real‑time enablement to help teams adopt a “secure‑by‑default” mindset. Contribute to internal security tools and automation using Python, Go, or other modern languages. Continuously improve how we measure and scale security across our SRE and infrastructure platforms. Must Haves: Deep experience with cloud security in AWS, Azure, or GCP environments. Strong knowledge of container and Kubernetes security in production environments. Proficiency in at least one modern programming language (e.g., Python, Go, C++). Hands‑on experience with zero‑trust architecture, service mesh, and software‑defined networking. Solid understanding of DevSecOps pipelines, IaC tools, and secure build processes. Hands‑on experience with vulnerability scanning, SAST/DAST tools, and automated security testing. Proven success in fast‑paced, highly collaborative environments, ideally at a startup or scale‑up. Comfortable working closely with developers and SREs in an enablement‑first security culture. Clear, concise communication and documentation skills. Ability to thrive in a multicultural, globally distributed engineering team. Nice to Haves: Practical experience with policy‑as‑code (OPA, Sentinel, etc.). Understanding of software‑defined networking and security policy enforcement in mesh environments. Familiarity with modern SRE practices, observability, and resilience engineering. Contributions to open‑source security tools or frameworks. Interest or experience in space operations or aerospace systems. Some of Our Awesome Benefits: 100% company‑paid medical, dental, and vision insurance option for employees and dependents Flexible Spending (FSA) and Health Savings (HSA) Accounts offered with an employer contribution to the HSA 100% employer paid Life, AD&D, Short‑Term, and Long‑Term Disability insurance Flexible Time Off policy for vacation and sick leave, and 12 paid holidays 401(k) plan and equity options Daily catered lunches and snacks in office International exposure to our team in France Fully paid parental leave; 14 weeks for birthing parent and 10 weeks for non‑birthing parent Carrot Fertility provides comprehensive, inclusive fertility healthcare and family‑forming benefits with financial support Off‑sites and many social events and celebrations Relocation assistance when applicable $140,250 - $190,000 a year State law requires us to tell you the base compensation range for this role, which is $140,250- $190,000 per year. This is determined by your education, experience, knowledge, skills, and abilities. The salary range for this role is intentionally wide as we evaluate individuals based on their unique experience and abilities to fit our needs. Most importantly, we are excited to meet you, and see if you are a great fit for our team. What we can't quantify for you are the exciting challenges, supportive team, and amazing culture we enjoy. * Research shows that while men apply to jobs where they meet an average of 60% of the criteria, women and other underrepresented people tend to only apply when they meet 100% of the qualifications. At Loft, we value respectful debate and people who aren't afraid to challenge assumptions. We strongly encourage you to apply, even if you don't check all the boxes. Who We Are Loft: Space Made Simple. Founded in 2017, Loft provides governments, companies, and research institutions with a fast, reliable, and flexible way to deploy missions in orbit. We integrate, launch, and operate spacecraft, offering end‑to‑end missions as a service across Earth observation, IoT connectivity, in‑orbit demonstrations, national security missions, and more. Leveraging our existing space infrastructure and an extensive inventory of satellite buses, Loft is reducing years‑long integration and launch timelines to months. With more than 25 missions flown, Loft's flight heritage and proven technologies enable customers to focus on their mission objectives. At Loft, you'll be given the autonomy and ownership to solve significant challenges, but with a close‑knot and supportive team at your back. We believe that diversity and community are the foundation of an open culture. We are committed to hiring the best people regardless of background and make their time at Loft the most fulfilling period of their career. We value kind, supportive and team‑oriented collaborators. It is also crucial for us that you are a problem solver and a great communicator. As our team is international, you will need strong English skills to better collaborate, easily communicate complex ideas and convey important messages. With 4 satellites on‑orbit and a wave of exciting missions launching soon, we are scaling up quickly across our offices in San Francisco, CA | Golden, CO | and Toulouse, France. As an international company your resume will be reviewed by people across our offices so please attach a copy in English. #J-18808-Ljbffr

A leading technology company in San Francisco is seeking a Senior Security Engineer to enhance security measures across systems and services. You will collaborate with product, engineering, and IT teams to design and implement security monitoring and fraud detection solutions. Ideal candidates will possess strong communication skills, expertise in EDR solutions, and a solid understanding of AWS services. Competitive salary of $146,000 to $170,000 plus bonus and equity opportunities are included. #J-18808-Ljbffr

A leading technology company is seeking a Corporate Security Engineer to safeguard data and infrastructure. The role involves managing security solutions and optimizing corporate security posture with a focus on endpoint security, IAM, and incident response. Ideal candidates should have 3-5 years of experience in security roles and a strong understanding of modern security principles. The position offers competitive compensation and benefits within a sustainable AI-first company culture. #J-18808-Ljbffr

EchoTwin AI is pioneering AI-driven infrastructure intelligence, redefining how cities are managed. Powered by a proprietary visual intelligence engine with full spatial reasoning, EchoTwin transforms municipal fleets into mobile urban sensors-creating living digital twins that provide real-time insights into infrastructure, compliance, and safety. By enabling municipalities to proactively monitor, predict, and resolve issues, EchoTwin helps build resilient, self-healing, and sustainable urban ecosystems. More than “smart cities,” EchoTwin is advancing the era of cognizant cities-urban environments with the awareness to see, think, and act on challenges in real time. What The Job Involves Our Engineering teams work at the cutting edge of technology, leveraging AWS and GCP cloud services and developing our own Linux-based edge devices. As a dynamic startup, we understand the critical importance of cybersecurity in protecting our innovative solutions and ensuring the safety of our digital environment and customer data. We're seeking a passionate Security Engineer to lead our cybersecurity initiatives and safeguard our code and infrastructure against ever-evolving threats. You will manage security for our production and corporate systems, handle security alerts, implement policies, and collaborate with external customers on security needs. Responsibilities Develop and implement comprehensive security strategies for our cloud environments (AWS and GCP) and Linux-based systems. Design and implement public/private key management and PKI (Private Key Infrastructure) for our edge devices. Perform regular security audits, risk assessments, and penetration testing to identify vulnerabilities in our code and infrastructure. This includes conducting thorough code audits from a security perspective to ensure our applications are developed with the highest security standards. Design and manage security protocols for our edge devices, ensuring robust protection against external threats. Stay abreast of the latest cybersecurity trends and threats, applying this knowledge to fortify our defenses. This includes proactive monitoring and implementing fixes for zero-day vulnerabilities to prevent exploitation. Develop and enforce security policies and procedures, conducting security awareness training across the company to cultivate a security-first culture. Collaborate with development teams to integrate security measures into the software development lifecycle (SDLC), promoting security best practices for application development to mitigate risks from the outset. Respond swiftly to security incidents, leading the investigation and remediation efforts to minimize impact. This includes resolving security breaches and ensuring that similar vulnerabilities are addressed across all projects. We work with our partners and clients to have deep technical discussions about security posture, review and discuss the security requirements, and formulate the necessary changes for the engineering team. Manage and maintain CIS-compliant OS images for our Cloud infrastructure and field devices. Must possess demonstrable knowledge of application security, security testing methodologies, and application security testing automation. Qualifications Degree in Computer Science, Engineering, or related field. 6+ years of software engineering or equivalent experience. Experience with one of the core (Golang, Python) programming languages, scripting, and automation. Strong knowledge of encryption protocols, public/private key management, and PKI (Private Key Infrastructure). Strong understanding of network security, encryption practices, and secure coding principles. Proven experience in cloud security management (AWS, Azure, GCP). Familiarity with security policies and controls for internal corporate applications (Google Workspace, GitHub, Jira). Familiarity with security compliance standards relevant to our industry. Strong skills in managing security tools and vendor relationships. Excellent ability to develop and implement security policies and guidelines. Understanding of blockchain principles is a plus. Relevant certifications in security and cloud platforms are highly desirable. Benefits and Perks There are endless learning and development opportunities from a highly diverse and talented peer group, including experts in various fields, including Computer Vision, GenAI, Digital Twin, Government Contracting, Systems and Device Engineering, Operations, Communications, and more! Options for medical, dental, and vision coverage for employees and dependents (for US employees) Flexible Spending Account (FSA) and Dependent Care Flexible Spending Account (DCFSA) 401(k) with 3% company matching Unlimited PTO Profit sharing #J-18808-Ljbffr

A technology innovator based in San Francisco is looking for a Security Operations Engineer to enhance their cloud-first security posture. Responsibilities include leading incident response, optimizing detection tools, and implementing security best practices. Ideal candidates will have over five years in security operations, a solid understanding of threat workflows, and scripting skills. The role offers competitive salary packages and numerous benefits including health coverage and paid leave. #J-18808-Ljbffr

Senior Security Engineer, Content Engineering at Practical DevSecOps Job Type: Permanent(Full Time/Full-Time) Function: Application Security Engineer Experience Required: 5-6 years Job: We are looking for a Senior Security Engineer to help us with our content engineering team. We are a remote‑first company, so you'll work with our remote team to create great security content that delights our customers. What is the role of a Senior Security Engineer? The Senior Security Engineer job includes research and development in DevSecOps and Cloud‑Native Technologies. You'll also be helping security professionals from fortune 500, defense, and other IT security organizations with their security upskilling needs by creating advanced and hands‑on security content. For this, you need to have a strong ability to communicate with different stakeholders in the organization. If you can communicate well and work methodically as part of a team, we'd like to meet you. What you will do: Help security professionals and developers in SDLC, especially in requirements analysis, design, implementation, testing, integration, verification, and maintenance of the DevSecOps Environment. Embed security as part of CI/CD and DevOps pipelines. Build new hands‑on lessons and content Help build tools to make it easier and faster to release new content Keep existing courses, lessons, and challenges up to date Proactively look for ways to scale, streamline and improve business processes Ensure final deliverables meet the organization's quality requirements. Help professionals with their questions by being available through support forums. Perform other duties as assigned We are looking for: 5+ years of experience in application security or product security roles. Desire to work in cutting‑edge product security technologies like DevSecOps, Cloud Native Technologies, and Zero Trust networks. Good understanding of application security concepts and tools. Passion for improving the state of the AppSec and DevSecOps in the world. Experience with scripting languages (Bash, Python, Go). Ability to write detailed technical guides and create presentations. Adaptability in a fast‑paced startup environment and interest in taking on additional responsibility. Ability to work independently with minimal supervision in a remote team setup. Excellent oral and written communication skills. If that sounds like you, get in touch! We have an amazing team and working culture, and we offer: Work from home with periodic office work and travel (including our yearly retreats to exotic locations) Apple/Mac Stack (MBP/Keynote) Highly competitive compensation And much more! About Practical DevSecOps Practical DevSecOps (a Hysn Technologies Inc company) offers vendor‑neutral, practical, and hands‑on DevSecOps training and certification programs for IT Professionals. Our online training and certifications are focused on new areas of information security, including DevOps Security, Cloud‑Native Security, Cloud Security & Container security. The certifications are achieved after rigorous tests (12‑24 hour exams) of skill and are considered the most valuable in the information security field. Why Explore a Career at Practical DevSecOps At Hysn Technologies Inc, we are working on creating revolutionary security products and services. With offices located globally (San Francisco, Singapore, and India), we believe in creating simple, usable, and excellent security products that delight our customers. We are remote work‑friendly and provide significant benefits like work from home (5 days a week if you wish), medical, and career growth benefits! We look for people who know how to get stuff done, and who aren't afraid of getting their hands dirty. We want people who are hungry and humble, who take risks and thrive in fast‑paced, fluid environments. We want people who take ownership of their work, don't take themselves too seriously, and treat everyone with respect. We think it takes all kinds, all types, all ethnicities, and all genders, to make a great organization. So if you have a passion for the Information Security industry, you're comfortable working in a startup environment, and you meet the criteria above, we'd love to get to know you! Freelancers and Agencies, please excuse us. #J-18808-Ljbffr

Heartflow is a medical technology company advancing the diagnosis and management of coronary artery disease, the #1 cause of death worldwide, using cutting‑edge technology. The flagship product-an AI‑driven, non‑invasive cardiac test supported by the ACC/AHA Chest Pain Guidelines called the Heartflow FFRCTAnalysis-provides a color‑coded, 3D model of a patient's coronary arteries indicating the impact blockages have on blood flow to the heart. Heartflow is the first AI‑driven non‑invasive integrated heart care solution across the CCTA pathway that helps clinicians identify stenoses in the coronary arteries (RoadMap™Analysis), assess coronary blood flow (FFRCTAnalysis), and characterise and quantify coronary atherosclerosis (Plaque Analysis). Our pipeline of products is growing and so is our team; join us in helping to revolutionise precision heart‑care. Heartflow is a publicly traded company (HTFL) that has received international recognition for exceptional strides in healthcare innovation, is supported by medical societies around the world, cleared for use in the US, UK, Europe, Japan and Canada, and has been used for more than 500,000 patients worldwide. Overview The Heartflow Information Security team is responsible for security across our corporate and product environments, protecting our patient data and medical device ecosystem. We are looking for an investigator that loves the challenge of analysing complex security telemetry to uncover hidden threats and ensure a resilient defence for our corporate and product environments. The initial focus will be on triaging advanced security events and participating in our security incident response process. Analytical work will span our corporate, clinical and cloud infrastructure and will include threat hunting and the refinement of high‑fidelity detection logic. What You'll Do Perform in‑depth analysis of security events, logs, and network traffic using SIEM, EDR, and other security tools to rapidly identify, contain, and remediate complex threats. Collaborate in developing and implementing custom correlation rules, dashboards, and alerts to enhance detection capabilities. Drive threat hunts to find “quiet” persistent threats within our clinical and corporate environments. Participate in continuous refinement of incident response playbooks, operational procedures, and security standards. Perform security reviews of third‑party vendors to identify risks and ensure they meet company standards. What You Bring Education - BS in Computer Science or a related technical degree. No degree? No problem-if you have the equivalent experience and certifications, we want to hear from you. Experience - At least 2 years in the trenches of a SOC or Incident Response team. However, if you haven't held a formal “Security” title but have at least 2 years on an IT Operations team, we value deep technical expertise in operating systems and networking if you can show us your passion for security. You're comfortable navigating security platforms like SIEMs, EDR tools (CrowdStrike or similar), and Email Security platforms. Strong problem‑solving skills with the ability to troubleshoot security issues across networks, operating systems, and applications. Possess a solid understanding of log correlation and how to write logic for security alerts. Deep understanding of at least one of the operating system internals (Windows, Linux, or mac OS). Ability to analyse process trees. Able to analyse network flows and packet data to find hidden threats. You know your way around network tools and can spot anomalies across different types of environments. What Helps You Stand Out Certifications: SANS GIAC (GCIH, GCIA), CompTIA (Security+, CySA+), EC‑Council (C|SA) or equivalent. Proven ability to take initiative- track record of identifying problems and developing solutions independently. Excellent written and verbal communication skills, with the ability to clearly articulate complex technical issues and remediation plans to both technical and non‑technical audiences. You are a continuous learner who stays curious about the latest attack trends and loves figuring out how to stop them. A reasonable estimate of the base salary compensation range is $75,000 to $100,000 per year, and bonus. #LI-IB1 Heartflow is an Equal Opportunity Employer. We are committed to a work environment that supports, inspires, and respects all individuals and do not discriminate against any employee or applicant because of race, color, religion, marital status, age, national origin, ancestry, physical or mental disability, medical condition, pregnancy, genetic information, gender, sexual orientation, gender identity or expression, veteran status, or any other status protected under federal, state, or local law. This policy applies to every aspect of employment at Heartflow, including recruitment, hiring, training, relocation, promotion, and termination. Positions posted for Heartflow are not intended for or open to third‑party recruiters / agencies. Submission of any unsolicited resumes for these positions will be considered to be free referrals. Heartflow has become aware of a fraud where unknown entities are posing as Heartflow recruiters in an attempt to obtain personal information from individuals as part of our application or job offer process. Before providing any personal information to outside parties, please verify the following: A) All legitimate Heartflow recruiter email addresses end with “@heartflow.com” and B) The position described is found on our careers site at ********************************* #J-18808-Ljbffr

A leading identity platform in San Francisco seeks a Security Engineer to enhance product security while supporting the fast-paced delivery processes of engineering teams. The candidate will collaborate cross-functionally to manage risks, build security automation tools, and participate in on-call rotations. Required skills include communication, collaboration, and a passion for security, with 2+ years in software engineering and product security at a tech company. This full-time role offers competitive benefits and emphasizes a culture of proactive problem-solving. #J-18808-Ljbffr

An innovative tech company in San Francisco is seeking a Lead Security Engineer to architect, harden, and defend its infrastructure. In this role, you'll lead security initiatives and embed security practices into the product lifecycle. Ideal candidates have over 8 years of experience in security engineering and incident response, along with a strategic mindset to manage risks effectively. This is a unique opportunity to join a fast-paced environment that values resilience and flexibility while providing a hybrid work culture. #J-18808-Ljbffr

The Role: As the Security Engineering Lead at Airbyte, you will be the single-threaded owner of security, compliance, and privacy for the company, working in close partnership with engineering, product, legal, and leadership. This is a senior, hands-on role for someone excited to shape how security is built, embedded, and scaled in a growing company. You will have the autonomy to set direction and make risk-based decisions, along with strong cross-functional support to execute effectively. Your work will sit at the intersection of product, infrastructure, compliance, and go-to-market, with direct impact on customer trust, enterprise adoption, and Airbyte's ability to scale securely. What You'll Do: Own Airbyte's security end-to-end, spanning cloud, application, endpoint, and identity security Set security priorities and roadmaps in alignment with business goals and engineering strategy Serve as the primary security decision-maker, bringing sound judgment, context, and partnership to risk decisions and escalations Lead incident detection, investigation, and response, building clear, reliable, and repeatable processes Own and evolve Airbyte's SOC 2 Type II and ISO 27001 programs, ensuring ongoing audit readiness and operational maturity Partner with engineers to embed security into system design, architecture, and major platform initiatives Enable enterprise growth by leading customer-facing security engagements, including questionnaires, ad-hoc inquiries, and security-related contractual discussions Define and operate identity and access management, including SSO, SCIM, RBAC, and access reviews Maintain and improve Airbyte's privacy program, collaborating with Legal on privacy policies, DPAs, TIAs, and regulatory obligations Drive vulnerability management across the stack, including AWS, GCP, Kubernetes, applications, and container images Influence security culture and standards across the company as Airbyte continues to grow What You'll Need Send 3+ years of security leadership experience 5-8+ years of experience in security engineering, cybersecurity, or related roles Experience making practical, risk-based security decisions in collaboration with engineering and business partners Working knowledge of SOC 2 Type II, ISO 27001, and security governance concepts Hands-on familiarity with cloud security, Kubernetes, and modern CI/CD environments Strong communication skills, with the ability to explain security concepts to both technical and non-technical audiences Comfort balancing security, compliance, and delivery velocity in a fast-moving environment. Familiarity with privacy programs and regulations such as GDPR and CCPA Experience evaluating or applying AI-powered tools to security use cases such as detection, triage, policy analysis, or vulnerability management A mindset of curiosity, continuous learning, and shared ownership Location: Onsite 5 days/week in San Francisco, CA If you find this role exciting, we encourage you to apply even if you think you don't meet all of the requirements! Airbyte is an equal opportunity employer that does not discriminate on the basis of actual or perceived race, creed, color, religion, national origin, dicetancy, age, physical or mental disability, pregnancy, genetic information, sex, sexual orientation, gender identity or expression, marital status, familialvendicity, domestic violence victim status, veteran or military status, or any other legally recognized protected basis under federal, state or local laws. Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records. Airbyte is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. Please let us know if you need assistance or accommodation due to a disability. #J-18808-Ljbffr

About GoodLeap GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy‑efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI‑powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award‑winning nonprofit, GivePower, which is building and deploying life‑saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap to design, build, implement, and operate security and fraud monitoring, detection, and response capabilities. Your Oversight Will Encompass Security & Fraud Monitoring, Detection, and Response: Identification of potential misuse and abuse cases, determining corresponding events associated with manifestation of such scenarios, design of identification and detection solutions -e.g., correlated/iterative event searches across log sources ranging from infrastructure to applications/SaaS platforms, testing, implementation, monitoring, and fine‑tuning of these solutions, etc. Toolset design and operations: Design and build the monitoring, detection, and response platform, from tool selection and integration - e.g., SIEM, SOAR, agentic SOC, EDR, to daily operations/management Incident Response: Play a leading role in the definition, refinement, and execution of incident response activities. Overall Security Operations: Management and operation of security platforms/solutions outside monitoring, detection, and response platform. Support Embedded Product Security Team: Design, build, and implement monitoring and detection solutions for GoodLeap products and services. Essential Job Duties & Responsibilities Lead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting, etc. Create playbooks for specific incident response scenarios. Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios. Support or develop components of the security analytics platform. Support embedded (product) security team. Support general security operations team with vulnerability management, tools management, and more. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non‑technical audiences. Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations, etc. Experience with threat modeling methodologies. Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR, etc. Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Experience working with and creating solutions based AI and ML toolsets - e.g., creation of AI skills, agents, MCP clients, vibe coding. Strong understanding of both human and non‑human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure‑as‑Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting teams outside of security - e.g., internal product teams and other cross‑functional areas. Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third‑party cloud/SaaS platforms, automating detection, response, and operational processes. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high‑level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus and equity. Additional Information Regarding Job Duties and s Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. #J-18808-Ljbffr

About GoodLeap GoodLeap is a technology company delivering best-in-class financing and software products for sustainable solutions, from solar panels and batteries to energy‑efficient HVAC, heat pumps, roofing, windows, and more. Over 1 million homeowners have benefited from our simple, fast, and frictionless technology that makes the adoption of these products more affordable, accessible, and easier to understand. Thousands of professionals deploying home efficiency and solar solutions rely on GoodLeap's proprietary, AI‑powered applications and developer tools to drive more transparent customer communication, deeper business intelligence, and streamlined payment and operations. Our platform has led to more than $30 billion in financing for sustainable solutions since 2018. GoodLeap is also proud to support our award‑winning nonprofit, GivePower, which is building and deploying life‑saving water and clean electricity systems, changing the lives of more than 1.6 million people across Africa, Asia, and South America. Position Summary The GoodLeap security team is responsible for both business enablement and safeguarding the organization's information assets; it is involved in virtually all aspects of the business, from product safety and resilience, to building security paved roads, customer, partner, and regulatory trust, managing technology governance and compliance, and ensuring the privacy, and safety of GoodLeap's customers, partners, and employees information. The senior security engineer role provides a unique opportunity to shape the security and resilience of GoodLeap systems, services, and operational processes. In this role, you will work closely with product, engineering, IT, and business teams within GoodLeap to design, build, implement, and operate security and fraud monitoring, detection, and response capabilities. Your Oversight Will Encompass Security & Fraud Monitoring, Detection, and Response: Identification of potential misuse and abuse cases, determining corresponding events associated with manifestation of such scenarios, design of identification and detection solutions -e.g., correlated/iterative event searches across log sources ranging from infrastructure to applications/SaaS platforms, testing, implementation, monitoring, and fine‑tuning of these solutions, etc. Toolset design and operations: Design and build the monitoring, detection, and response platform, from tool selection and integration - e.g., SIEM, SOAR, agentic SOC, EDR, to daily operations/management Incident Response: Play a leading role in the definition, refinement, and execution of incident response activities. Overall Security Operations: Management and operation of security platforms/solutions outside monitoring, detection, and response platform. Support Embedded Product Security Team: Design, build, and implement monitoring and detection solutions for GoodLeap products and services. Essential Job Duties & Responsibilities Lead, participate in, and contribute to security and fraud monitoring, detection, and response activities, inclusive of investigations, threat hunting, etc. Create playbooks for specific incident response scenarios. Identify potential misuse and abuse cases in enterprise systems, propose solutions to detect these scenarios, and identify and implement monitoring and detection solutions for such scenarios. Support or develop components of the security analytics platform. Support embedded (product) security team. Support general security operations team with vulnerability management, tools management, and more. Required Skills, Knowledge & Abilities Strong communicator with the ability to lead technical architecture discussions, drive technical decisions, and effectively communicate with non‑technical audiences. Expertise in security event management, monitoring, threat hunting, incident response, playbook creation, orchestration/automations, etc. Experience with threat modeling methodologies. Expertise with EDR solutions/platforms, such as CrowdStrike, S1, Palo Alto Cortex EDR, etc. Experience with AWS services, including KMS, SST, Container Registry, ELBs, Lambda, API Gateway, CloudTrail, and IAM (knowledge of GCP and/or Azure is a plus). Proven ability to establish credibility and build trust with business, engineers, and operational staff; confident yet humble. Experience designing, configuring, and implementing security and fraud monitoring for core enterprise systems, e.g., ERP, HCM, Salesforce, etc. Experience working with and creating solutions based AI and ML toolsets - e.g., creation of AI skills, agents, MCP clients, vibe coding. Strong understanding of both human and non‑human identity management and common enterprise and consumer authentication standards and use cases. Practical experience with CI/CD pipelines and DevOps tools, including Infrastructure‑as‑Code (IaC) tools like Terraform, Pulumi, or CDK; GitHub and GitHub Actions; artifact management; and secrets management tools like Doppler and HashiCorp Vault. Passionate about learning new technologies. While you're not expected to know everything, you should demonstrate a willingness and ability to learn as needed. Prior experience interfacing and supporting teams outside of security - e.g., internal product teams and other cross‑functional areas. Proficiency in writing automation scripts in multiple languages and integrating with REST/GraphQL APIs to orchestrate workflows between security tooling and third‑party cloud/SaaS platforms, automating detection, response, and operational processes. Experience engaging with vendors in design partnerships. Experience overseeing vulnerability and threat management at the platform and application levels. Familiarity with penetration testing and red team exercises, including manual verification, exploitation, and lateral movement. Ability to balance a high‑level view of security strategy with attention to detail, ensuring thorough and effective execution. $146,000 - $170,000 a year In addition to the above salary, this role may be eligible for a bonus and equity. Additional Information Regarding Job Duties and s Job duties include additional responsibilities as assigned by one's supervisor or other managers related to the position/department. This job description is meant to describe the general nature and level of work being performed; it is not intended to be construed as an exhaustive list of all responsibilities, duties and other skills required for the position. The Company reserves the right at any time with or without notice to alter or change job responsibilities, reassign or transfer job position or assign additional job responsibilities, subject to applicable law. The Company shall provide reasonable accommodations of known disabilities to enable a qualified applicant or employee to apply for employment, perform the essential functions of the job, or enjoy the benefits and privileges of employment as required by the law. If you are an extraordinary professional who thrives in a collaborative work culture and values a rewarding career, then we want to work with you! Apply today! We are committed to protecting your privacy. To learn more about how we collect, use, and safeguard your personal information during the application process, please review our Employment Privacy Policy and Recruiting Policy on AI. #J-18808-Ljbffr