Information Security Officer remote jobs - 618 jobs

AI Security / Biosecurity Engineer, RAND CAST page is loaded## AI Security / Biosecurity Engineer, RAND CASTlocations: San Francisco, CA: Pittsburgh, PA: Santa Monica, CA (Greater Los Angeles Area): Boston, MA: USA - Remotetime type: Full timeposted on: Posted Yesterdayjob requisition id: R3442**Job Type:**Term (Fixed Term)**Overview**is seeking technically excellent and mission-driven AI Security / Biosecurity Engineers to work across a number of our most critical and fast-paced AI security and biosecurity workstreams.RAND CAST works on pressing national security challenges related to emerging technologies. Our areas of focus include AI security, compute, biosecurity and bioresilience, and the intersection of AI and biotechnology.Emerging technologies, especially AI and biotechnology, have many promising beneficial and defensive applications. Given their dual-use nature, they also present a number of new security challenges. RAND CAST explores ambitious technical and policy approaches to solving these complex problems. We are a team of world-class technical and policy analysts, engineers, and scientists giving decision-makers the objective insights they need to navigate global emerging threats.**Position Description**We are looking for individuals who are driven by a bias for action; capable of developing and securing complex systems under high-stakes and fast-paced conditions; and can act as an owner, not just a contributor, with end-to-end ownership of critical, sensitive data infrastructure in a highly autonomous environment.We have a number of ongoing technical projects across our AI security and biosecurity teams. Candidates will discuss initial projects with program leads as part of the interview process.**Qualifications****Required:*** Professional experience in software engineering with a focus on backend engineering and/or data engineering.* Demonstrated ability to build robust and technically complex systems with a security-first mindset.* Experience operating, monitoring, and deploying systems using modern cloud infrastructure.* Preference for working in a fast-paced, autonomous environment.* Excellent communication skills, both written and verbal, tailored to technical and non-technical audiences* Fluency with MS Office suite**Preferred:*** Advanced knowledge of integrating Large Language Models (LLMs) into workflows.* Background in biosecurity, dual-use technology, or AI security and misuse.* Ability to scope cross-functional projects with internal customers and own their execution.* Experience with distributed data processing platforms.**Education Requirements**PhD in Biological Sciences, Computational Biology, Biotechnology, Bioinformatics, Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity, Information Security, Information Technology, Mathematics, Applied Mathematics, Physics, Applied Physics, Engineering Physics, Artificial Intelligence, Machine Learning, Engineering and Public Policy, Technology and Policy, National Security Policy, Policy Analysis, Political Science, International Relations, or similar is required.ORMaster's degree in the fields listed above with 3+ years of professional experience, is required.ORBachelor's degree in the fields listed above with at least 5+ years of professional experience, is required.Master's or PhD preferred.**Term**This position is structured as a two-year appointment with options to later extend the initial appointment and explore other opportunities for growth.**Security Clearance**Ability to obtain and maintain a U.S. government clearance is preferred.**Location**We are hiring for this position in San Francisco, CA; Washington, DC; Santa Monica, CA; Pittsburgh, PA; and Boston, MA. We offer a hybrid work arrangement, combining work from home and on-site options. Fully remote work will also be considered.**Salary Range**: $118,500 - $261,400Technical Resident, Associate II = $118,500 - $171,900Technical Resident, Specialist = $146,200 - $211,900Visiting Technical Expert = $167,300 - $261,400RAND considers a variety of factors when formulating an offer, including but not limited to, the specific role and associated responsibilities; a candidate's work experience, education/training, skills, expertise; and internal equity.The salary range includes base pay plus RAND's sabbatic pay (which provides additional compensation above base pay when vacation is taken). This position may be eligible for additional compensation. In addition, RAND provides strong benefits including health insurance coverage, life and disability insurance, savings plan, paid time-off and more.*Equal Opportunity Employer***RAND is a research organization that develops solutions to public policy challenges to help make communities throughout the world safer and more secure, healthier and more prosperous. RAND's research and analysis address issues that impact people everywhere, including security, health, education, sustainability, growth, and development.** **RAND has approximately 2,025 people from more than 50 countries working in offices in the United States, Europe and Australia, with annual revenues of $435.8 million.** **RAND is nonprofit, nonpartisan, and committed to the public interest. Our research is sponsored by government agencies, international organizations, and foundations. We rely on philanthropic support to pursue visionary ideas; address critical problems that are under-researched; and devise innovative approaches for solving acute, complex, or provocative policy challenges. RAND values objectivity and integrity in both its research processes and internal interactions. We emphasize a collegial environment that respects the contributions and dignity of all staff.** #J-18808-Ljbffr

LendSwift is a modern, technology-driven consumer lending company on a mission to provide fast, transparent credit solutions to underserved borrowers. We deliver flexible lending products while maintaining the highest standards of compliance, security, and trust. Our sister company is GigFi, which provides merchant cash advances to gig workers and small businesses. We're seeking an experienced Chief Compliance Officer (CCO) / Chief Information Security Officer (CISO) to lead our compliance and information security programs. This executive will be a key member of the leadership team, ensuring LendSwift operates with full regulatory compliance and robust data security across all operations. The ideal candidate has deep expertise in consumer lending, a strong track record in bank partnership lending models, and proven success building and overseeing compliance and information security frameworks. Tasks Compliance: Maintain and improve a comprehensive Compliance Management System (CMS) that aligns with applicable federal and state consumer lending laws and regulations (e.g., TILA, ECOA, FCRA, GLBA, UDAAP). Manage and maintain strong working relationships with our bank partners, ensuring ongoing compliance with bank oversight requirements and participation in exams and audits. Oversee licensing, regulatory reporting, and interactions with federal and state regulators. Advise senior leadership on compliance risks, trends, and mitigation strategies. Lead compliance training, monitoring, and issue management programs. Information Security: Own the design and execution of our enterprise information security program to protect customer and company data. Ensure compliance with GLBA, SOC2, PCI DSS, and other applicable data security frameworks. Develop and enforce policies, procedures, and controls for data privacy, cybersecurity, and incident response. Oversee vendor due diligence and third-party risk management as it relates to information security. Report regularly to executive leadership and the Board on the state of information security. Requirements 8+ years of progressive leadership experience in compliance and/or information security in the consumer lending industry. Extensive knowledge of the bank partnership lending model and managing bank sponsor relationships. Hands-on experience with multi-state lending operations and regulatory requirements. Proven ability to lead, build, and scale compliance and security programs in a high-growth environment. Strong communication skills; comfortable engaging with regulators, bank partners, auditors, and legal counsel. Bachelor's degree required; JD, CIPP, CISSP, or other relevant certifications a plus. Benefits Highly flexible remote work environment. Unlimited PTO. Lean, AI-forward leadership team. The chance to shape compliance and security strategy for a growing fintech innovator. Competitive compensation and comprehensive benefits. #J-18808-Ljbffr

Government IT Division REMOTE MKS2 Technologies, LLC, an award-winning high growth small business, creates innovative and customer‑centric technology solutions in the areas of Cyber Security, Instructional Design and Training, Software Engineering and IT Support Services to improve the security and well‑being of our clients. Our commitment to excellence and our “Mission First” orientation has resulted in steady growth and an expanding client base across government agencies. We have employees nationwide and for the past three consecutive years were named one of the fastest growing Veteran‑owned companies in the nation. Please take a moment to browse through our website and learn more about what it means to serve with MKS2. Senior Information System Security Engineer / Solutions Architect Location: Remote - must be within US and able to obtain Public Trust Clearance - US Citizen Pay: $100,000 - $120,000 annually (based on qualifications). Full Government benefits (W‑2) Job type: Contract We are seeking a hands‑on Senior Information System Security Engineer / Solutions Architect who will also serve as the Information System Security Engineer (ISSE) for key cybersecurity systems supporting the Department of Veterans Affairs (VA). This role is ideal for someone with deep technical engineering skills, cloud and DevSecOps experience. This individual will also lead teams to develop and implement technical solutions to remediate vulnerabilities and other complex cybersecurity challenges. Candidates will have a solutions‑oriented mindset to help the VA problem‑solve complex cybersecurity and IT challenges. The candidates should also be well‑versed with facilitating working sessions and have the ability to distill complex concepts into non‑technical/common language. The role will focus on analyzing and recommending system security architectures, vulnerability mitigation, policy‑driven compliance implementation, and full‑lifecycle support for the Department of Veteran's Affairs systems. Key Responsibilities Cybersecurity Engineering & Architecture (Primary) Analyze complex technical findings and determine necessary resources needed to solve problem‑sets across multiple cybersecurity and technical domains Partner with technical teams to develop and implement technical solutions Design, build, and deploy secure cloud‑native architectures and infrastructure components for VA information systems Develop and maintain CI/CD pipelines with integrated security scanning, policy enforcement, and remediation tools Implement secure infrastructure as code/policy as code using tools such as Terraform/CloudFormation, including writing and implementing PaC scripts Align security architectures with Federal Zero Trust strategy, VA directives, and OMB policies Enable automation of system telemetry and analytics pipelines for cyber situational awareness ISSEResponsibilities Provide engineering and technical analysis on behalf of Agency Authorizing Officials (AOs) for System Security Plans (SSPs), Risk Assessments, Security Controls Traceability Matrices (SCTMs), and POA&Ms Support system authorization and compliance activities including continuous monitoring and system audits Conduct regular and ad‑hoc analysis of security control findings and develop and implement remediation strategies Minimum Qualifications Bachelor's degree in computer science, engineering, or technical equivalent with 10 years of technical experience or a total of 18 years in lieu of education 8+ years of security engineering, DevSecOps, or cloud architecture experience Expertise in securing platforms hosted in AWS GovCloud and Azure Government Strong experience with NIST RMF, FISMA, FedRAMP, and Zero Trust architecture implementation Hands‑on skills in IaC tools like Terraform and CI/CD tools such as GitLab/Jenkins, with ability to adopt new technologies if procured by the agency Experience with network isolation tools such as Palo Alto Next Generation Firewalls (NGFW) and Juniper Mist Network Access Control (NAC) solutions or comparable Demonstrated experience securing modern applications, APIs, and automated infrastructure Excellent written and oral communication skills; ability to explain complex, technical information in easily understood terms; ability to brief Senior VA leadership regularly U.S. Citizenship and ability to obtain Public Trust clearance Preferred Qualifications Prior VA experience supporting VA OIS or major cybersecurity initiatives Experience authoring and maintaining ATO documentation in VA or HHS environments Experience with IoT/IoMT security solutions is a plus Knowledge of federal cybersecurity standards Equal Employment Opportunity Diversity creates a healthier atmosphere: MKS2 Technologies is proud to be an Equal Employment Opportunity / Affinitive Action employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, age, national origin, protected veteran status, disability status, sexual orientation, gender identity or expression, marital status, genetic information, or any other characteristic protected by law. As set forth in MKS2 Technologies's Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law. Voluntary Self‑Identification For government reporting purposes, we ask candidates to respond to the below self‑identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file. #J-18808-Ljbffr

About Sift At Sift, we're redefining how modern machines are built, tested, and operated. Our platform provides engineers with real-time observability over high-frequency telemetry, eliminating bottlenecks and enabling faster, more reliable development. Sift was born from our work at SpaceX on Dragon, Falcon, Starlink, and Starship-where scaling telemetry, debugging flight systems, and ensuring mission reliability demanded new infrastructure. Founded by a team from SpaceX, Google, and Palantir, Sift is built for mission-critical systems where precision and scalability are non-negotiable. About the Role As Sift's founding Security & Compliance Engineer, you will not just maintain a security checklist; you will define the posture, architecture, and practices that keep our products and infrastructure secure in the most demanding environments. You will be both hands-on and strategic, building controls, automating compliance, and working directly with customers, auditors, and internal teams to inspire confidence in our platform. The Security & Compliance Engineer will own Sift's security posture end-to-end, blending technical security engineering with governance, risk, and compliance leadership. You will set the standard for how we protect our systems and data, ensuring we are ready to meet and exceed the expectations of aerospace, defense, and enterprise customers. This is a high-visibility, high-ownership role: you will be Sift's first security hire, laying the foundation of our security program and growing it into a dedicated function as the company scales. In This Role, You'll:Technical Security Build secure CI/CD pipelines with embedded scanning. Operate and tune SIEM/EDR (ELK, Datadog, Splunk, CrowdStrike, Prometheus, Grafana). Secure multi-cloud environments (AWS GovCloud, Kubernetes, on-prem). Implement zero-trust networking and modern SASE/ZTNA approaches. Improve visibility and observability across networks and workloads. Governance, Risk & Compliance (GRC) Lead compliance initiatives: SOC 2, ISO 27001, NIST 800-171, FedRAMP, CMMC. Manage third-party/vendor risk assessments. Own internal/external audits and readiness for customer/government reviews. Lead company-wide security awareness: phishing simulations, compliance workshops, and role-specific training. The Skillset You'll Bring:Technical Skills 5+ years in cybersecurity, product security, or cloud security roles, ideally in high assurance or regulated industries. Hands-on experience securing AWS or an equivalent cloud service provider (GovCloud preferred) and Kubernetes-based environments, with strong infrastructure as code practices. Proven track record leading or supporting compliance initiatives such as SOC 2, NIST 800-171, CMMC, FedRAMP, or ISO 27001. Deep understanding of network, endpoint, and identity security principles. Experience with security tooling and integration into operational workflows. Ability to translate compliance requirements into clear, actionable engineering work. Experience managing third-party/vendor risk and customer-facing security reviews. Soft Skills Clear communicator with both technical and non-technical stakeholders. Customer-facing presence for audits and enterprise assurance. Collaborative partner to infra and product teams. High ownership and adaptability in ambiguous, fast-moving environments. Integrity and trustworthiness, handling sensitive data, and compliance matters with discretion. Excited to operate as a team of one early on, with the vision to build and lead a security function over time. Location: Sift's headquarters is in El Segundo, CA. We collaborate in person twice a week-on Mondays and Thursdays-and come together for a full week every two months. While we prefer team members to be local, we're open to relocating candidates to LA or considering remote work from the San Francisco area for the right candidate. Salary range: $170,000 - $220,000 per year. Plus equity and benefits. Eligibility: US Person Required: Must be a U.S. Citizen or Green Card Holder due to ITAR (International Traffic in Arms Regulations) / EAR (Export Administration Regulations) compliance requirements. #J-18808-Ljbffr

Senior Security Engineer - Corporate Security Rippling gives businesses one place to run HR, IT, and Finance. It brings together all of the workforce systems that are normally scattered across a company, like payroll, expenses, benefits, and computers. For the first time ever, you can manage and automate every part of the employee lifecycle in a single system. Take onboarding, for example. With Rippling, you can hire a new employee anywhere in the world and set up their payroll, corporate card, computer, benefits, and even third-party apps like Slack and Microsoft 365-all within 90 seconds. Based in San Francisco, CA, Rippling has raised $1.4B+ from the world's top investors-including Kleiner Perkins, Founders Fund, Sequoia, Greenoaks, and Bedrock-and was named one of America's best startup employers by Forbes. We prioritize candidate safety. Please be aware that all official communication will only be sent from @ Rippling.com addresses. About the role Rippling is looking for a Senior Security Engineer to join our Corporate Security team. Our mission is to reduce organizational risk by securing the tools and platforms Rippling employees use every day-SaaS apps, internal tools, endpoints, and email. We help the business make safer decisions by building secure defaults, automating away risky behavior, and working directly with stakeholders to understand and mitigate threats. As a Senior Engineer on CorpSec, you'll drive projects that span technical execution, stakeholder engagement, and strategic planning. You'll work closely with the Detection and Response, IT products, Infrastructure, Legal, and Compliance teams to improve how we manage access, detect abuse, and remediate risk-often through automation and thoughtful process design. What You'll Do Lead end-to-end security projects that secure core enterprise systems like Google Workspace, Atlassian, Salesforce, and Slack. Design and implement scalable access controls, including least privilege policies, automated approvals, and audit workflows. Deploy and tune security tooling (e.g. email security platforms, CASB/SWG, SaaS DLP tools) to reduce risk across our corp environment. Automate security workflows that reduce manual effort, close the loop on findings, and improve team efficiency. Write one-pagers and RFCs that clarify risk, propose solutions, and drive alignment with cross-functional stakeholders. Partner with Detection & Response to improve phishing protection and support incident investigations involving corp tools or user accounts. Mentor teammates and contribute to the team's technical direction through design reviews and hands‑on collaboration. Sample Projects You Might Work On Rolling out a new email security solution and defining phishing detections in partnership with Detection & Response. Building an approval system for Chrome extensions and auto‑whitelisting trusted ones using Google's API. Automating Slack‑based remediation for publicly shared sensitive Google Docs. Restricting 3rd‑party app access in Google Workspace and driving stakeholder alignment on exceptions. Threat modeling Salesforce and improving visibility into high‑risk integrations and data access patterns. What We're Looking For 5+ years of experience in security or software engineering, ideally with exposure to SaaS, corp IT, or access management. Strong programming skills (e.g. Python, Go) and a track record of building automation that solves real problems. Experience with one or more of: identity and access management, SaaS security tooling, DLP, insider threat detection, or phishing protection. Clear, empathetic communication skills-especially when working with stakeholders outside of engineering. Ability to turn ambiguous problems into scoped projects, define success metrics, and drive them to completion. Comfortable owning projects end‑to‑end and proactively reducing blockers for others. What Success Looks Like You lead multi‑stakeholder projects that reduce security risk and are measurable, repeatable, and automated. You deliver projects that enable safe default behaviours, reduce operational toil, or improve visibility into corp risk. You can clearly communicate security trade‑offs to engineering and business teams, and drive alignment across orgs. You build systems that last-flexible, reusable, and easy for others to extend or maintain. Additional Information Rippling is an equal opportunity employer. We are committed to building a diverse and inclusive workforce and do not discriminate based on race, religion, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, veteran or military status, or any other legally protected characteristics. Rippling is committed to providing reasonable accommodations for candidates with disabilities who need assistance during the hiring process. To request a reasonable accommodation, please email accommodations@rippling.com. Rippling highly values having employees working in‑office to foster a collaborative work environment and company culture. For office‑based employees (employees who live within a defined radius of a Rippling office), Rippling considers working in the office, at least three days a week under current policy, to be an essential function of the employee's role. This role will receive a competitive salary + benefits + equity. The salary for US‑based employees will be aligned with one of the ranges below based on location; see which tier applies to your location here. A variety of factors are considered when determining someone's compensation-including a candidate's professional background, experience, and location. Final offer amounts may vary from the amounts listed below. The pay range for this role is: 159,000 - 278,250 USD per year (US Tier 1) 143,100 - 250,425 USD per year (US Tier 2) 135,150 - 236,513 USD per year (US Tier 3) #J-18808-Ljbffr

A leading security training provider is seeking a Senior Security Engineer for their content engineering team. This role supports security professionals, builds hands-on content, and integrates security into DevOps. Ideal candidates have over 5 years of experience in application security and are passionate about improving security practices. The position is remote-first with competitive compensation and benefits. #J-18808-Ljbffr

San Francisco, CA Metriport is an open-source data intelligence platform that helps healthcare organizations access and exchange patient data in real-time. We integrate with all major US healthcare IT systems and tap into comprehensive medical data for 300+ million individuals. We've found product-market fit with multi-million ARR, 100+ customers (including Strive Health, Circle Medical, and Brightside Health), backing from top VCs, and years of runway. We're ready to scale. We're a tight-knit, high-performing team of mostly former founders (including two YC alumni). We're engineering-heavy, operate with minimal bureaucracy and high autonomy, and hire based on competence, not prestige. We push hard-founders work six days a week from our SF office-but give everyone freedom to craft their schedule. We measure output and we're committed to sustainable intensity. About you In a nutshell, we're looking for a security engineer with the following specific qualities: You're entrepreneurial-minded, with an olympian-level work ethic (nearly our entire engineering team consists of former founders). You are passionate about security and are excited to own security related projects within the company end-to-end. You are confident in your ability to build scalable systems across the full stack, and people usually come to you for technical guidance. You believe you can solve any problem that comes at you, and don't shy away from diving deep into areas where you may lack domain expertise. You have a strong sense of ownership over your work, and have demonstrated ability to lead others. You know how to move fast - while still maintaining a strong security posture. You care more about the end result and delivering value, rather than what new and frilly tech is being used under the hood for a given feature. When someone scopes out a project with an ETA of 3 weeks, you ask yourself "why can't it be done in 3 days?". You're a hacker at heart, and have a good sense of what rules should, and shouldn't, be broken. What you'll be doing After quickly ramping up using our comprehensive onboarding materials to get familiar with our domain, product, and codebase, the goal would be to get you shipping product directly to customers as quickly as possible. Specifically, day to day, this looks like: Evangelizing security across Metriport's growing team - we will look to you for guidance, and training. Driving full-stack security projects , big and small, end-to-end from ideation to production rollout. These projects could include things like: Implement an enterprise-grade audit logging solution for a new national healthcare network infrastructure stack. Implement fine grained RBAC on the API key access layer, and more robust roles on our UIs. Help us revamp our internal security policies and put tools in place to keep the platform, and employees, secure while still allowing the team to be efficient. Helping the engineering team with PR reviews with a security-focused lens. Work with the Go to Market team to complete customer security assessments and questionnaires. Work with the engineering team to harden security across the development lifecycle - think secret management, access controls, and vulnerability scanning. Managing your own work in Linear. Participating in bi-weekly sprint planning / retro sessions, and quarterly planning sessions. Attending a daily 30 minute remote stand-up at 7:30am PST Mon-Fri (our only regular mandatory meeting). Requirements You have 6+ years experience in security engineering and information security. You're located in San Francisco or the Bay Area (or willing to relocate). Familiar with HIPAA compliant environments. Experience rolling out and maintaining security frameworks like SOC 2, NIST, HITRUST, FedRAMP, etc. Experience rolling out data protection technologies like SSO, MFA, VPN, FIPS, etc. Experience with organizational secret management. Experience implementing SCA, SAST, DAST in CICD workflows. Experience with Mobile Device Management (MDM). Proficiency in cloud security & networking on AWS - IAM, WAF, KMS, etc. Proficiency in authentication, cryptography, encryption, and security protocols such as: mTLS, RSA, SSL, HMAC, RBAC, etc. Bonus: experience with IHE profiles (ATNA, CT, XUA). Benefits Competitive equity + compensation package 🚀 Full family Platinum health insurance, dental, and vision coverage 🦷 401(k) retirement plan + matching 💰 Flexible work from home or in-office 🏢 Healthy lunches are complimentary when working in-office (and breakfast + dinners as needed) 🍏 Quarterly company off-sites with the team ⛷️ MacBook provided by us 💻 Unlimited PTO (we work hard, but trust you to take time you need to be at your best) 🧘♂️ Our tech On the frontend, we use React - on the backend, we rely on Node.js and TypeScript for writing core business logic. We deploy a wide range of AWS cloud services (ie ECS, Fargate, Lambda, etc), and manage our infrastructure as code with AWS CDK. Data lives in PostgreSQL, DynamoDB, S3, Snowflake, FHIR servers, and more. We use Oneleet for security and compliance. Metriport provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, genetics, sexual orientation, gender identity, or gender expression. We are committed to a diverse and inclusive workforce and welcome people from all backgrounds, experiences, perspectives, and abilities. #J-18808-Ljbffr

About the Company Gemini is a global crypto and Web3 platform founded by Cameron and Tyler Winklevoss in 2014, offering a wide range of simple, reliable, and secure crypto products and services to individuals and institutions in over 70 countries. Our mission is to unlock the next era of financial, creative, and personal freedom by providing trusted access to the decentralized future. We envision a world where crypto reshapes the global financial system, internet, and money to create greater choice, independence, and opportunity for all - bridging traditional finance with the emerging cryptoeconomy in a way that is more open, fair, and secure. As a publicly traded company, Gemini is poised to accelerate this vision with greater scale, reach, and impact. The Department: Application Security The Role: Staff Blockchain Security Engineer As a member of the Application Security (AppSec) team, you will share in the responsibility of protecting the company and our customers against application security threats. The AppSec team is focused on the advancement of modern application security practices and supports the engineering organization by finding, fixing, and preventing software security vulnerabilities. As a Staff Blockchain Security Engineer on the Application Security team focusing on blockchain security, you will work closely with on-chain engineering and product teams to provide security recommendations and identify security issues throughout the on-chain software development lifecycle. You will lead security reviews of Web3 products, integrate secure development practices into our on-chain SDLC, and develop tooling to identify, mitigate, and monitor blockchain-specific threats. This role is required to be in person twice a week at either our San Francisco, CA or New York City, NY office. Responsibilities Lead in-depth security reviews of smart contracts, blockchain protocols, and Web3 applications for architectural flaws, security vulnerabilities, and best practice violations Collaborate and advise on-chain engineering teams on Web3 security best practices and vulnerability remediation Design and implement secure on-chain SDLC processes for on-chain product teams Develop, maintain, and improve security tooling for blockchain ecosystems (fuzzers, static analysis, etc.) Partner with legal, compliance, and risk teams to address security, regulatory, and operational risks of blockchain features Minimum Qualifications 8+ years of experience in application security, Web3 security, or similar roles Strong background in Web3 security reviews such as smart contract audits, blockchain protocols, and dApps Ability to perform design reviews, threat modeling, secure code reviews, or penetration testing with an attacker mindset Strong background in application security best practices and familiarity with common vulnerabilities (e.g. SSRF, race conditions, privilege escalations, etc.) Experience with secure key management and wallet systems Familiarity with blockchain security tools (slither, echidna, etc) Some background in development or scripting experience (Python, Scala, C++, JavaScript, etc.) Familiarity with and ability to understand business objectives, business context, and security risk Strong communication skills and the ability to collaborate on a cross-functional team Preferred Qualifications Experience with formal verification of smart contracts Prior experience in cryptocurrency exchanges, DeFi platforms, or NFT marketplaces Active contributor to blockchain security communities, bug bounty programs, or published exploit research Ability to define and execute a long-term blockchain security roadmap in partnership with engineering leadership It Pays to Work Here The compensation & benefits package for this role includes: Competitive starting salary A discretionary annual bonus Long-term incentive in the form of a new hire equity grant Comprehensive health plans 401K with company matching Paid Parental Leave Flexible time off Salary Range The base salary range for this role is between $168,000 - $240,000 in the State of New York, the State of California and the State of Washington. This range is not inclusive of our discretionary bonus or equity package. When determining a candidate's compensation, we consider a number of factors including skillset, experience, job scope, and current market data. In the United States, we offer a hybrid work approach at our hub offices, balancing the benefits of in-person collaboration with the flexibility of remote work. Expectations may vary by location and role, so candidates are encouraged to connect with their recruiter to learn more about the specific policy for the role. Employees who do not live near one of our hubs are part of our remote workforce. At Gemini, we strive to build diverse teams that reflect the people we want to empower through our products, and we are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity, or Veteran status. Equal Opportunity is the Law, and Gemini is proud to be an equal opportunity workplace. If you have a specific need that requires accommodation, please let a member of the People Team know. #J-18808-Ljbffr

ZetaChain is looking for a Sr. Application Security or DevSecOps Engineer to enhance its security program. This role is crucial for safeguarding applications in the blockchain domain. You will actively shape security strategies while gaining experience across diverse crypto risks in a vibrant and innovative environment. If you possess a strong foundation in application security and are passionate about blockchain technology, you will thrive here. #J-18808-Ljbffr

A financial technology company is seeking a Security Engineer to design and implement security controls for their payment infrastructure. This role involves leading application security, enhancing compliance features, and implementing DevSecOps tooling. Candidates should have over 7 years of experience in DevOps, a strong background in application security, and familiarity with technologies like AWS and Docker. The position supports candidates in various locations including San Francisco or remote. #J-18808-Ljbffr

A technology company is looking for a hands-on Platform Security Engineer to architect and maintain security solutions. You will work with teams to build secure services, respond to threats, and improve security posture. The role requires strong cloud security knowledge, experience with security tools, and excellent communication skills. This position is remote-friendly and encourages diverse applicants to apply. #J-18808-Ljbffr

A leading identity platform company in San Francisco is seeking a Corporate Security Lead to fortify defenses against evolving threats. This full-time role involves developing endpoint security solutions and collaborating with cross-functional teams. The ideal candidate has over 3 years of IT security experience, including endpoint hardening and scripting skills. Enjoy competitive benefits like unlimited PTO, mental health days, and professional development stipends in a vibrant work culture. #J-18808-Ljbffr

A leading AI research company in San Francisco is hiring a Security Engineer, specializing in application security. Responsibilities include conducting security assessments, developing security tools, and collaborating with development teams to integrate security best practices throughout the software development lifecycle. The ideal candidate has extensive experience in cybersecurity and strong programming skills. This role offers a hybrid work model with relocation assistance. #J-18808-Ljbffr

A leading financial services firm in San Francisco is looking for a Senior Security Operations Engineer to prevent, detect, and respond to security threats in their corporate and cloud environments. This individual will collaborate with teams across security, IT, and engineering to ensure robust security measures. The role offers a hybrid work environment, requiring a minimum of three days in the office and includes opportunities for remote work. Ideal candidates have a strong background in security incident response and coding in Go and Python. #J-18808-Ljbffr

We're looking for an AI Security Engineer to join our Red Team and help us push the boundaries of AI security. You'll lead cutting‑edge security assessments, develop novel testing methodologies, and work directly with enterprise clients to secure their AI systems. This role combines hands‑on red‑teaming, automation development, and client engagement. You'll thrive in this role if you want to be at the forefront of an emerging discipline, enjoy working on nascent problems, and like both breaking things and building processes that scale. Key Responsibilities This is a highly cross‑functional position. AI security is still being defined, with best practices emerging in real‑time. You'll be building the frameworks, methodologies, and tooling that scale our services while staying adaptable to rapid changes in the AI landscape. This role is ideal for someone who wants to take their traditional cybersecurity expertise and apply it to the new frontier of AI security and safety. Your focus will span several key areas: Service Delivery & Client Engagement Lead end‑to‑end delivery of AI red‑teaming security assessment engagements with enterprise customers Collaborate with clients to scope projects, define testing requirements, and establish success criteria Conduct comprehensive security assessments of AI systems, including text‑based LLM applications and multimodal agentic systems Author detailed security assessment reports with actionable findings and remediation recommendations Present findings and strategic recommendations to technical and executive stakeholders through report readouts Tooling & Methodology Development Build upon and improve our established processes and playbooks to scale AI red‑teaming service delivery Develop frameworks to ensure consistent, high‑quality service delivery Find the tedious, repetitive stuff and automate it - you don't need to be a world‑class developer, just someone who can build tools that make the team more effective Research & Innovation Develop novel red‑teaming methodologies for emerging modalities: image, video, audio, autonomous systems Stay ahead of the latest AI security threats, attack vectors, and defense mechanisms Translate cutting‑edge academic and industry research into practical testing approaches Collaborate with our research and product teams to continuously level up our methodologies Required Qualifications Technical Expertise 3+ years of experience in cybersecurity with focus on red‑teaming, penetration testing, or security assessments Experience with web application and API penetration testing preferred Deep understanding of LLM vulnerabilities including prompt injection, data poisoning, and jailbreaking techniques Practical experience with threat modeling complex systems and architectures Proficiency in developing automated tooling to enable and enhance testing capabilities, improve workflows, and deliver deeper insights Professional Skills Proven track record of leading client‑facing security assessment projects from scoping through delivery Excellent technical writing skills with experience creating executive‑level security reports Strong presentation and communication skills for diverse audiences Experience building processes, documentation, and tooling for service delivery teams AI Security Knowledge Understanding of AI/ML model architectures, training processes, and deployment patterns Familiarity with AI safety frameworks and alignment research Knowledge of emerging AI attack surfaces including multimodal systems and AI agents Preferred Qualifications Relevant security certifications (OSCP, OSWA, BSCP, etc.) Hands‑on experience performing AI red‑teaming assessments, with a strong plus for experience targeting agentic systems Demonstrated experience designing LLM jailbreaks Active participation in security research and tooling communities Background in threat modeling and risk assessment frameworks Previous speaking experience at security conferences or industry events What You'll Gain Opportunity to shape the future of AI security as an emerging discipline Work with cutting‑edge AI technologies and novel attack methodologies Lead high‑visibility projects with enterprise clients across diverse industries Collaborate with world‑class research team pushing boundaries of AI safety Platform to establish thought leadership in AI security community Competitive compensation package with equity participation ❗To remove your information from our recruitment database, please email privacy@lakera.ai. #J-18808-Ljbffr

WorkOS builds tools and services for developers to help them implement authentication, identity, authorization, and overall enterprise readiness. We're a fully distributed team with employees across North American time zones. We're well-funded, having raised $100m in funding from top investors including Greenoaks Capital, Lachy Groom, and Lightspeed Ventures. Our fast-growing customer base includes rapidly growing SaaS companies like OpenAI, Cursor, Perplexity, Vercel, Plaid, and hundreds of others. About the role WorkOS is growing rapidly and building out our team of engineers! We obsess over the developer experience, actively seeking out feedback and new perspectives to inform the products we build. We're searching for engineers who share this empathetic approach to solving problems. We're looking for an experienced security engineer to join our team, responsible for defining and coordinating security efforts across the company. The role is both strategic and tactical, so we'll be looking to you to influence long-term strategy while delivering on key pieces during our next phase of company growth. Successful candidates will love staying up to date on the latest in cloud product security, authentication and identity domains. You'll work across different teams to help make our products secure by design. Responsibilities Be the product security champion. You'll work closely with our product engineering teams to provide security guidance on all new and existing products Collaborate with the product engineering team to perform regular product security assessments Establish patterns and practices around application security Advocate for, and lead security projects from inception through completion Engage with security vendors as needed Triage and elevate security issues Qualifications 5+ years of experience as a Product Security engineer in a cloud product company Proven experience performing security design reviews for complex applications, including distributed systems, APIs, and cloud services Familiar with common security libraries, security controls, and common security flaws that apply to cloud services Great written and verbal communication skills Ability to complete rigorous security-focused code reviews in TypeScript Bonus: Experience in Auth and Identity domain Bonus: Experience writing production-level code, especially developing security features Benefits (US Only) At WorkOS, we offer resources that emphasize personal and familial well-being. We offer healthcare coverage for you and your family, including medical, dental, and vision. We offer parental leave, paid-time off and fully remote working arrangements. Benefits include: Competitive pay Substantial equity grants Healthcare insurance (Medical, Dental and Vision) for you and your family 401k matching Wellness and fitness monthly allowances PTO + paid holidays + unlimited sick leave Autonomy and flexibility with remote work Please inquire directly with our recruiting team for benefits available to those working outside the US. Equal Opportunity Employer WorkOS is an equal opportunity employer, committed to diversity and inclusiveness. We will consider all qualified applicants without regard to race, color, nationality, gender, gender identity or expression, sexual orientation, religion, disability or age. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us. #J-18808-Ljbffr

A financial technology company in San Francisco is seeking an experienced security-focused engineer. The ideal candidate will lead security efforts, ensuring a secure infrastructure across cloud environments. Requirements include 8+ years in security operations, strong AWS knowledge, and experience with compliance frameworks. The role includes excellent benefits like unlimited PTO, equity grants, and work-from-home flexibility. #J-18808-Ljbffr

A leading transportation company is seeking a Staff Software Engineer focusing on cloud security in San Francisco. You will design and implement security measures for cloud infrastructures and lead significant projects. Candidates need a minimum of 6 years of experience in relevant fields and expertise in modern programming languages and cloud service architecture. This role includes a hybrid work schedule with benefits like comprehensive health insurance and parental leave. #J-18808-Ljbffr

A leading e-signature company is looking for an AI Enterprise Security Engineer to design and implement security solutions for AI/ML tools. This role involves developing security strategies, conducting risk assessments, and ensuring compliance with regulations. Applicants should have over 5 years of security experience and strong knowledge of AI/ML concepts. The position allows for hybrid work arrangements, promoting a collaborative environment. Join the team and contribute to secure AI initiatives that support business objectives. #J-18808-Ljbffr