What we are looking for

Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all.

We're searching for a Staff Security Platform Engineer to join our Enterprise Security Engineering team, reporting to the Technical Lead Manager of Security Engineering.

Aurora is scaling its autonomous trucking operations, and we need someone who makes our security tools actually work, not just deployed, but deeply configured, continuously tuned, and fully leveraged. This role is for the practitioner who has spent their career living inside security platforms: the person who knows their EDR better than the vendor's own support team, who can write a SIEM query from memory, and who instinctively knows when an alert is misfiring and exactly why.

This is not a software engineering role. It's a role for an elite security operator — someone with the instincts of a seasoned SOC analyst and the technical depth to own the platforms that power detection, response, and protection at enterprise scale. If you find deep satisfaction in mastering a tool, closing a coverage gap, or hunting down a threat that nobody else noticed, this role was written for you.

In this role you will

• Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack — including EDR/XDR, MDM, SIEM, DLP, IAM/IGA, DNS security, Email security, and PKI — ensuring each tool is tuned, policy-complete, and delivering reliable signal.
• Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats.
• Conduct proactive threat hunting across Aurora's security telemetry — forming hypotheses, querying logs, and investigating anomalies before they surface as incidents.
• Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues, misconfigurations, and detection failures.
• Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents and driving triage, containment, and root cause analysis.
• Continuously audit and validate that existing security controls are configured to actually do what they're supposed to do — not just deployed and forgotten.
• Maintain operational runbooks, detection documentation, and platform configuration records, ensuring the team can operate consistently and scale institutional knowledge.

Required qualifications

• 12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role — with a career built on deep operational ownership of security tooling rather than software development.
• Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others.
• Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
• Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
• Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
• Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
• Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.

Desirable qualifications

• Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar) — you don't need to be a software engineer, but you can write a script when it saves you an hour.
• Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development.
• Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM.
• Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms.
• Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA.

The base salary range for this position is $189,000 - $274,000 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

What we are looking for

Aurora hires talented people with diverse backgrounds who are ready to help build a transportation ecosystem that will make our roads safer, get crucial goods where they need to go, and make mobility more efficient and accessible for all.

We're searching for a Staff Security Platform Engineer to join our Enterprise Security Engineering team, reporting to the Technical Lead Manager of Security Engineering.

Aurora is scaling its autonomous trucking operations, and we need someone who makes our security tools actually work, not just deployed, but deeply configured, continuously tuned, and fully leveraged. This role is for the practitioner who has spent their career living inside security platforms: the person who knows their EDR better than the vendor's own support team, who can write a SIEM query from memory, and who instinctively knows when an alert is misfiring and exactly why.

This is not a software engineering role. It's a role for an elite security operator — someone with the instincts of a seasoned SOC analyst and the technical depth to own the platforms that power detection, response, and protection at enterprise scale. If you find deep satisfaction in mastering a tool, closing a coverage gap, or hunting down a threat that nobody else noticed, this role was written for you.

In this role you will

• Own the operational health, configuration, and continuous improvement of Aurora's enterprise security platform stack — including EDR/XDR, MDM, SIEM, DLP, IAM/IGA, DNS security, Email security, and PKI — ensuring each tool is tuned, policy-complete, and delivering reliable signal.
• Develop and refine detection rules, correlation logic, and alert policies, reducing noise while ensuring Aurora maintains high-fidelity coverage against real threats.
• Conduct proactive threat hunting across Aurora's security telemetry — forming hypotheses, querying logs, and investigating anomalies before they surface as incidents.
• Serve as the deepest internal expert on Aurora's enterprise security tooling, acting as the escalation point for complex platform issues, misconfigurations, and detection failures.
• Participate in the team's on-call rotation, leading deep-dive investigations into security alerts and incidents and driving triage, containment, and root cause analysis.
• Continuously audit and validate that existing security controls are configured to actually do what they're supposed to do — not just deployed and forgotten.
• Maintain operational runbooks, detection documentation, and platform configuration records, ensuring the team can operate consistently and scale institutional knowledge.

Required qualifications

• 12+ years of hands-on experience in enterprise security operations, security platform administration, or a senior SOC engineering role — with a career built on deep operational ownership of security tooling rather than software development.
• Expert-level proficiency administering and operating at least two enterprise security platforms (e.g., CrowdStrike, SentinelOne, Splunk, Panther, Sentinel, Jamf, Kandji/Iru, Puppet, WorkspaceONE, Intune, Zscaler, Okta, Proofpoint, Wiz, osquery), with strong working knowledge across several others.
• Demonstrated ability to tune and optimize security platforms beyond out-of-the-box configurations — writing custom detection logic, adjusting policy sets, and validating control effectiveness.
• Strong log analysis and threat hunting skills: you know how to build a hypothesis, write the query, follow the thread, and know when to escalate.
• Experience conducting thorough incident investigations — triage, containment, root cause analysis, and post-incident review — and communicating findings clearly to technical and non-technical stakeholders.
• Ability to assess security control effectiveness: not just "is this tool deployed" but "is it configured correctly, covering the right scope, and generating actionable signal."
• Comfort working under pressure in ambiguous, fast-moving situations with competing priorities.

Desirable qualifications

• Scripting ability for automation, log parsing, or workflow improvement (Python, Bash, or similar) — you don't need to be a software engineer, but you can write a script when it saves you an hour.
• Deep familiarity with MITRE ATT&CK as an operational tool for detection gap analysis and threat hunting hypothesis development.
• Experience with AWS security telemetry (CloudTrail, GuardDuty, Security Hub) and integrating cloud signals into a corporate SIEM.
• Familiarity with Zero Trust and identity-centric security models as they apply to policy enforcement in IAM and endpoint platforms.
• Platform-specific certifications such as CrowdStrike Certified Falcon Administrator, Splunk Core Certified Power User, or equivalent — or practitioner certifications like GCIH, GCIA, GCFE, or GCFA.

The base salary range for this position is $189,000 - $274,000 per Year. Aurora’s pay ranges are determined by role, level, and location. Within the range, the successful candidate’s starting base pay will be determined based on factors including job-related skills, experience, qualifications, relevant education or training, and market conditions. These ranges may be modified in the future. The successful candidate will also be eligible for an annual bonus, equity compensation, and benefits.

We are looking for a versatile SOC analyst to join the team and write, tune and respond to alerts covering the entire environment from endpoints to cloud infrastructure. This exciting opportunity empowers you to ensure the right alerts come in and you don’t burn out on false positives. We are a forward thinking organization that leverages AI. Your work would take place during regular business hours. Weekend coverage will be necessary. From time to time evenings as well. The expectation is that we build for 24x7 coverage but you will be asked to step in to assist the team.

Responsibilities:

• Review and triage security alerts from a wide variety of sources across the organization
• Carefully tune rules to reduce false positives
• Write new rules to ensure appropriate MITRE ATT&CK framework coverage
• Escalate potential incidents
• Assist in any incident response activities
• Ability to run projects from beginning to end
• Work with Engineering and IT on visibility coverage and detection       

Qualifications:

• 2+ years responding to alerts
• Familiar with MITRE ATT&CK framework
• Comfortable writing and tuning detection rules
• Experience triaging alerts and establishing if an event rises to an incident
• Varied exposure to a variety of application, SaaS, cloud and end point logs
• Strong communication skills towards technical and non-technical people
• Preference for people who have experienced a real life security incident that they detected                   

If you are interested in this opportunity, please apply with your resume and cover letter. We are an equal opportunity employer and welcome all qualified candidates to apply.

Why Join BitGo?

Disrupting an industry takes vision, innovation, passion, technical chops, drive to deliver, collaboration, and execution. Join a team of great people who strive for excellence and personify our corporate values of ownership, craftsmanship, and open communication. We are looking for new colleagues who bring innovative ways of thinking and problem solving, and who want risks to be part of the team that changes the world’s financial markets.

Here are some of the benefits* of working at BitGo:

• Competitive base salary, bonus and stock options
• 100% company paid health insurance for employee, partner and dependents
• Up to 4% 401k company match
• Paid parental leave, Paid vacation
• Free commuter/parking pass; 5 min from Caltrain
• Free custom lunches, dinners and snacks 
• Computer equipment and workplace furniture to suit your needs
• Great colleagues and inspiring startup environment
• *Benefits may vary based on location 

Cryptocurrencies are the most disruptive change the financial services industry has seen in years. Join us and you’ll be able to look back and say you were part of the team that transformed investing.

Pay Transparency Notice: Depending upon your leveling and location, the compensation for this role averages between $115,000 - $145,000 USD base salary. Equity, an annual performance bonus and the benefits outlined below are also a part of this role's package.

We are looking for a versatile SOC analyst to join the team and write, tune and respond to alerts covering the entire environment from endpoints to cloud infrastructure. This exciting opportunity empowers you to ensure the right alerts come in and you don’t burn out on false positives. We are a forward thinking organization that leverages AI. Your work would take place during regular business hours. Weekend coverage will be necessary. From time to time evenings as well. The expectation is that we build for 24x7 coverage but you will be asked to step in to assist the team.

Responsibilities:

• Review and triage security alerts from a wide variety of sources across the organization
• Carefully tune rules to reduce false positives
• Write new rules to ensure appropriate MITRE ATT&CK framework coverage
• Escalate potential incidents
• Assist in any incident response activities
• Ability to run projects from beginning to end
• Work with Engineering and IT on visibility coverage and detection       

Qualifications:

• 2+ years responding to alerts
• Familiar with MITRE ATT&CK framework
• Comfortable writing and tuning detection rules
• Experience triaging alerts and establishing if an event rises to an incident
• Varied exposure to a variety of application, SaaS, cloud and end point logs
• Strong communication skills towards technical and non-technical people
• Preference for people who have experienced a real life security incident that they detected                   

If you are interested in this opportunity, please apply with your resume and cover letter. We are an equal opportunity employer and welcome all qualified candidates to apply.

Why Join BitGo?

Disrupting an industry takes vision, innovation, passion, technical chops, drive to deliver, collaboration, and execution. Join a team of great people who strive for excellence and personify our corporate values of ownership, craftsmanship, and open communication. We are looking for new colleagues who bring innovative ways of thinking and problem solving, and who want risks to be part of the team that changes the world’s financial markets.

Here are some of the benefits* of working at BitGo:

• Competitive base salary, bonus and stock options
• 100% company paid health insurance for employee, partner and dependents
• Up to 4% 401k company match
• Paid parental leave, Paid vacation
• Free commuter/parking pass; 5 min from Caltrain
• Free custom lunches, dinners and snacks 
• Computer equipment and workplace furniture to suit your needs
• Great colleagues and inspiring startup environment
• *Benefits may vary based on location 

Cryptocurrencies are the most disruptive change the financial services industry has seen in years. Join us and you’ll be able to look back and say you were part of the team that transformed investing.

Pay Transparency Notice: Depending upon your leveling and location, the compensation for this role averages between $115,000 - $145,000 USD base salary. Equity, an annual performance bonus and the benefits outlined below are also a part of this role's package.

ABOUT THE TEAM

Anduril's Detection and Response team is looking for a Security Operations Analyst to be the watchtower for Anduril's critical defense technologies. As a SecOps Analyst on the detection and response team, you'll be responsible for monitoring and responding to adversarial activity while helping incorporate key detection feedback loops with the detection engineering team. As a Senior SecOps Analyst, you will serve as an incident commander alongside other senior analysts. When not responding to threats, you'll be asking questions of our data sets, conducting threat hunting and data normalization operations across the organization to understand user behavior and identify anomalies. 

WHAT YOU'LL DO

• Triage and respond to alerts / incidents covering multiple disciplines including, but not limited to, phishing, endpoints, cloud infrastructure and services, and SaaS applications
• Build and optimize tailored detection signatures, response playbooks, and response automation using detection-as-code principles
• As the frontline of DNR, you will lead the feedback loop for detections, ensuring alerts are fine tuned to reduce false positives
• Participate in threat modeling scenarios with cross-functional partners to understand weaknesses across Cloud, Mobile, Endpoints, and other environments incorporating findings into security controls and/or detection signatures
• Organize and conduct threat hunting and data baselines to identify anomalous patterns in data
• Participate in an on-call rotation responding to security events and conducting incident response investigations while effectively communicating findings to key stakeholders. As a Senior SecOps Analyst, you will serve as an incident commander as necessary.
• Proactively collaborate with a wide range of stakeholders, guiding detection and response maturity of key worlds, leading incidents and large-scale data baselines, and being responsible with mentoring and guiding junior analysts.

REQUIRED QUALIFICATIONS

• Experience in security monitoring, log analysis, and detection engineering within large data sets across endpoint, network, and a wide variety of application log sources
• Experience in Python development, specifically contributing to a shared codebase used for automating SOC operations
• Must have experience with one or more SIEM languages (SPL, KQL, SQL)
• Experience conducting analysis in a data lake environment
• Broad range of practical security knowledge across the spectrum of endpoint, network, identity, application, and cloud infrastructure
• Knowledge of attacker tactics, techniques, and procedures (TTPs) across Windows, Linux, MacOS, AWS/Azure, etc.
• Strong communication skills and experience collaborating with internal and external stakeholders
• Must be able to obtain and hold a U.S. Top Secret security clearance

PREFERRED QUALIFICATIONS

• Experience conducting incident response in the Cloud (AWS, Azure, GCP)
• Digital Forensics and/or reverse engineering experience is a plus!

Cybersecurity Analyst 

InfoSec Organization •  Reports to CISO  •  On-site 

About the Role 

We are hiring a Cybersecurity Analyst to own our day-to-day security monitoring function and produce the evidence required to achieve and maintain our cybersecurity certification. This role is the operational core of our cybersecurity organization, responsible for managing alert triage across our cybersecurity tool stack, coordinating with our managed SOC partner, documenting security events, and keeping our monitoring and incident response activities continuously evidenced and ready for review. 

This is a hands-on, high-accountability role reporting directly to the CISO. You will work closely with our InfoSec Engineer, Compliance Program Manager, and our managed security operations partner. You will help set up and monitor our security tool stack, which spans endpoint protection, network detection, secure web access, application control, and identity management. You establish the monitoring cadence that keeps our security posture visible and our compliance evidence current. 

The Immediate Mission 

You will be assisting in getting the organization assessment ready: 

• Take ownership of daily alert triage across our security tool stack, reviewing and dispositioning alerts before they age without review 
• Serve as the internal liaison to our managed SOC partner, receiving their monitoring reports, validating their outputs, and integrating their work into our compliance evidence.
• Build and maintain the incident log, ensuring every security event is captured, classified, and closed with supporting documentation.
• Produce audit log evidence demonstrating that our systems are monitored, logs are retained, and events are reviewed on a consistent schedule.
• Deliver regular monitoring reports to our compliance tracking platform, ensuring up-to-date evidence flows into our central repository.
• Coordinate with the Compliance Program Manager to ensure monitoring and incident response evidence is organized and ready for assessor review.

What You’ll Own 

Security Monitoring and Alert Triage 

• Own daily triage of alerts from our network detection platform and other security tools, reviewing, classifying, escalating, and documenting dispositions.
• Serve as the primary internal point of contact for our managed security operations partner, receiving daily and weekly alert summaries, validating completeness, and tracking open items to closure.
• Maintain the security event log, a running record of alerts, dispositions, escalations, and outcomes that serve as core compliance evidence 
• Identify patterns in alert data and surface recurring issues to the InfoSec Engineer for remediation.
• Ensure continuous monitoring coverage is documented and demonstrable, a direct requirement of the cybersecurity framework we are certifying against 

Incident Response Documentation 

• Own the incident log, documenting every security event from detection through closure, including timeline, classification, containment actions, and resolution.
• Coordinate with our managed security operations partner on incident triage, escalation, and post-incident reporting, ensuring their outputs are captured and integrated into our internal records.
• Maintain the Incident Response Plan as a living document, updating it based on lessons learned and ensuring it reflects actual operational procedures.
• Produce incident response evidence for our compliance assessment, including incident logs, escalation records, containment documentation, and post-incident reviews.
• Support the Compliance Program Manager in mapping incident documentation to the applicable compliance controls.

Log Management and Audit Evidence 

• Pull and organize log samples from our endpoint protection, network security, web access, application control, and identity management platforms, demonstrating that logging is active and coverage is comprehensive.
• Document log configuration, including retention settings, coverage scope, and alert thresholds, as evidence that our monitoring posture meets compliance requirements 
• Produce regular monitoring reports to our compliance tracking platform, ensuring the system reflects the current operational status 
• Coordinate with the InfoSec Engineer to ensure logging is enabled and configured correctly across all systems in scope.
• Maintain organized evidence packages, including log samples, triage records, and monitoring reports, ready for assessor review.

Managed SOC Coordination 

• Serve as the day-to-day operational liaison to our managed security operations partner, tracking deliverables, validating report quality, and escalating gaps to the CISO.
• Ensure monitoring outputs from our security partner are received on schedule and integrated into internal compliance records.
• Own the deliverable log, tracking what has been received, what is outstanding, and what has been incorporated into evidence packages.
• Coordinate with the Compliance Program Manager to ensure third-party security operations outputs satisfy our compliance requirements.

Continuous Monitoring and Compliance Platform 

• Maintain our compliance tracking platform as the operational source of truth for monitoring evidence, uploading reports, log reviews, and control status updates on a regular cadence 
• Support the Compliance Program Manager in maintaining continuous compliance readiness after certification 
• Flag gaps in monitoring coverage, log retention, or incident documentation to the CISO and Compliance Program Manager 
• Participate in periodic control effectiveness reviews, providing operational data and evidence to support ongoing assessments 

Basic Qualifications 

• 3 or more years in cybersecurity operations, SOC analyst, or cybersecurity monitoring role 
• Hands-on experience with endpoint protection, network detection, or security event management platforms in an operational capacity, including reviewing alerts, triaging events, and documenting outcomes 
• Demonstrated ability to write and maintain incident response documentation, such as incident logs, incident reports, and post-incident reviews 
• Experience working with or alongside a managed security operations provider, receiving their output, and integrating it into internal security operations 
• Familiarity with audit logging requirements and log review processes, including an understanding of what logging coverage means and how to demonstrate it 
• Organized, detail-oriented, and able to maintain documentation quality under day-to-day operational pressure 
• Comfortable working in a lean security organization where you own your domain independently 

Preferred Qualifications 

• Direct experience supporting a formal cybersecurity compliance effort, with an understanding of how operational security outputs map to compliance evidence 

Our current security tool stack and the experience we are looking for: 

• Endpoint protection and detection — we use CrowdStrike 
• Network detection and response — we use Darktrace 
• Secure web gateway and network security — we use Zscaler 
• Application allows listing and execution control — we use ThreatLocker 
• Identity and access management event monitoring — we use Okta 
• Compliance tracking and evidence management — we use Vanta 
• Relevant certifications are a plus but not required. We recognize Security+, CySA+, GCIA, GCIH, and CISA as strong signals for this role. Candidates working toward or eligible for CISSP are equally welcome. 
• Familiarity with compliance-driven security environments, where day-to-day monitoring and incident documentation are part of a larger audit and certification process, is a plus but not required.
• Familiarity with security information and event management platforms such as Splunk, Microsoft Sentinel, or Chronicle, relevant as we continue to build out our log aggregation capabilities 
• A bachelor’s degree in computer science, Information Technology, Cybersecurity, or a related field is a plus. Equivalent hands-on experience, military cybersecurity training, or industry certifications are equally considered. 

Compensation

• Cybersecurity Analyst: $110,000 - $140,000
• Leveling and base salary are determined by job-related skills, education level, experience level, and job
• performance
• You will be eligible for long-term incentives in the form of stock options and/or long-term cash awards
• Offer compensation also includes the ability to purchase company stock through the Employee Stock Purchase Plan

The Mission

Panther is building the future of SOC automation through AI agents that fundamentally change how security teams operate. Our vision is to enable SOC teams to cover 5-10x more data without proportionally scaling headcount by automating the most time-intensive analyst work: alert triage, analysis, and risk validation. We're building intelligent agents that leverage our data pipeline and alerting capabilities to create a SOC team extension that gets smarter over time through collective intelligence.

The Team + Role

You'll build and lead Panther’s agentic team focused on AI-powered SOC analyst solutions that sit at the intersection of security and cutting-edge ML engineering. This is a customer-centric product engineering leadership role where you'll own the execution of our product roadmap, be the bridge between Engineering and Product Management, and you’ll build and lead the team through change alongside our customers, the industry and within the security domain. We're building autonomous security capabilities for alert triage, interactive chat, detection code generation, and text-to-search, all deeply integrated with Panther's ingestion pipeline. This role is ideal for a leader who combines strong people management skills and B2B product engineering experience within the security domain; SOC automation and XDR.

What You'll Need

• Leadership & People Management:
  • 5+ years of people management experience leading product engineering teams
  • Proven track record of hiring, developing, and retaining high-performing engineers
  • Experience managing cross-disciplinary teams and owning all aspects of people leadership
  • Strong partnership skills with recruiting teams to scale headcount effectively

• Business & Product Acumen:
  • Experience working in product-sales environments with direct customer exposure
  • Experience operating in ambiguous environments and making strategic decisions with incomplete information
  • Track record of owning the partnership between Product, Design and Engineering to define vision and roadmap
  • Experience owning user-facing product features from conception to delivery

• Technical Foundation:
  • Experience scaling a team focused on building agentic products and driving ai lead outcomes.
  • Technical depth to participate in architecture discussions and unblock teams on complex design decisions
  • AWS experience preferred (serverless architectures, cloud infrastructure)
  • Cybersecurity background is a nice-to-have but not required
  • Familiarity with modern engineering stacks (Golang, React, TypeScript, GraphQL) helpful

• Mindset:
  • Customer-obsessed: You understand that your team's integrations are the first experience customers have with Panther
  • Owner mentality: You take responsibility for outcomes, not just outputs
  • Team-focused: You prioritize team health, growth, and sustainability alongside delivery

What You'll Do

• • Lead and grow Panther's AI team — hire, develop, and retain engineers working at the intersection of security and AI, building the capabilities that will define Panther's next chapter as a mature AI SOC platform.
  • Own the AI team's delivery — drive execution of the roadmap across autonomous alert triage, interactive chat, detection code generation, and text-to-search, balancing velocity with technical quality.
  • Build Panther's SOAR capabilities using AI infrastructure — lead the team in developing a next-generation Security Orchestration, Automation, and Response solution that leverages Panther's AI infrastructure, MCP integrations, and AI policy framework to automate analyst workflows at scale.
  • Shape the AI SOC platform strategy — partner with Product and the Director of Engineering to define and evolve the roadmap across critical verticals: agentic triage, MCP-powered integrations, AI policies, and collective intelligence.
  • Drive technical direction without coding — participate actively in architecture discussions, challenge design decisions, unblock the team on complex problems, and raise the bar on how we build agentic systems, LLM pipelines, and security automation.
  • Operate with a security-first mindset — collaborate with the broader engineering org on reliability, on-call health, and security practices, ensuring AI features meet the trust and compliance standards Panther's customers expect.
  • Contribute to engineering-wide leadership — participate in hiring loops, share learnings across teams, and help shape how Panther builds and scales its engineering organization as we grow.

We believe in transparency throughout our process — including how we approach AI.

We recognize that AI tools can enhance productivity and support high-quality work. Candidates are welcome to use AI tools for assistance when preparing application materials and completing take-home assignments. If AI use is not permitted for a specific assessment, we will indicate that clearly in the instructions. During live interviews, we ask that candidates not use AI tools to generate or supply real-time answers. This includes reading from AI-generated responses or prompts during conversational, behavioral, or technical discussions. These conversations are designed to understand your individual thinking process, problem-solving approach, and ability to communicate your ideas.

We also use AI tools to support our recruiting processes; hiring decisions are made by our team, not AI.

Reasonable Accommodations
We are committed to providing equal opportunity to all candidates. If you require the use of an AI-based tool or any other assistive technology as a reasonable accommodation for a disability or medical condition, please notify us prior to your interview. We will engage in an interactive process to determine what arrangements are appropriate for your situation. Accommodation requests are handled individually and in accordance with applicable law.

About Panther

Panther makes security teams smarter and faster than attackers.

We're building the AI SOC platform that modern security teams need. Our Detection-as-Code approach, cloud-native architecture, and powerful security data lake help teams detect and respond to threats at scale. Security teams at leading companies use Panther to protect their organizations without the overhead and costs of legacy SIEM solutions.

Founded by security practitioners who lived the pain of protecting large organizations, we've raised $140M from Coatue, Lightspeed, ICONIQ Growth, Snowflake Ventures, and others. We're a global, remote-first company serving customers worldwide.

Our culture is built on flexibility, transparency, and collaboration. We operate by three core values: Create Customer Love, Be an Owner, and Take Care of the Team. We believe diverse perspectives make us better, and that building great security technology should also mean building a rewarding place to work.

The Perks

• Competitive equity in a well-established cybersecurity company
• Unlimited PTO with a 15-day minimum, plus local federal holidays
• Latest tech equipment and budget for your personalized setup
• Comprehensive health and benefits coverage
• Remote-first culture built for distributed teams

Panther Labs is an Equal Opportunity Employer. The Company prohibits discrimination and harassment on the basis of: race, color, national origin, ancestry, sex (including pregnancy, childbirth, breastfeeding), gender, gender identity, gender expression, sexual orientation, marital status, age, religious creed, physical disability, mental disability, genetic information, military or veteran status, or any other status protected by law. All employment decisions are decided on the basis of qualifications, merit, and business need.

The annual cash compensation target: $180,000-$250,000 depending on experience