Senior Security Engineer

Our Engineering Standards at Karbon:

Balance Speed and Quality

Engineers are expected to balance delivery speed with a strong commitment to quality, meeting agreed timelines while producing reliable, maintainable, and well-tested solutions. Sound judgment in making trade-offs between velocity and long-term sustainability is essential.

Collaborate Effectively

Engineering is collaborative by default. Team members are expected to contribute constructively in design discussions, reviews, and planning, communicate clearly about progress and risks, and support shared team outcomes in both hybrid and distributed environments.

Build and Maintain Systems

Engineers are responsible for building new capabilities while maintaining and improving existing systems. This includes designing scalable solutions, reducing technical debt, supporting operational stability, and contributing to continuous improvement.

Operate with Autonomy

A high degree of autonomy is expected. Given clear objectives, engineers should independently translate problems into actionable technical approaches, proactively identify improvements, and continuously expand relevant technical expertise.

Ownership and Accountability

Ownership is fundamental. Engineers are accountable for the quality, performance, and customer impact of their work from design through post-release support, and are expected to follow through on commitments.

AI-Enabled Engineering

AI is reshaping how software is built, and we are committed to leveraging it as a force multiplier for creativity, impact, and capability. Engineers are expected to confidently apply strong technical fundamentals while embracing AI tools and approaches to enhance productivity, problem-solving, and innovation. Curiosity, adaptability, and enthusiasm for integrating AI into meaningful product development are essential.

Contribute to Team Culture

Engineers contribute positively to a culture of professionalism, transparency, low bureaucracy, and mutual respect, strengthening team performance through authenticity, curiosity, and collaboration.

About the Role! 

Seeking a development & cloud focused Senior Security Engineer to join our expanding security team.

The ideal candidate will have passion for AppSec, Cloud and AI. They will be a skilled communicator and relationship builder capable of promoting and building security practices across the organization and into our development processes.

AI is reshaping practices across the board and at Karbon we’re fully committed. We don’t see AI as a replacement but as a force multiplier. We’re looking for Security Engineers who are confident in network & security fundamentals, driven to grow, and excited by the challenges and opportunities AI brings.

What You’ll Own:

• Partner with different areas within Karbon - You will make sure security is embedded from the start from feature design and development to participating in design reviews and threat modelling.
• Balance Security and Delivery - You know how to balance delivery needs with security and can communicate security risks and issues to non technical stakeholders. You understand when it's important to push back, when to compromise and how to work with delivery teams to reach a great outcome.
• You keep up to date on the latest technologies and approaches - You are excited by the new developments such as AI bring to security but also understand the importance of security foundational practices such as good account hygiene, least privilege, attack surface reduction and MFA.
• Identify and assess security risks introduced by AI tools - You’ll assist with reviewing the risks of AI tooling usage & Integration and AI-generated code.
• Apply AI-assisted tooling to accelerate security work - you understand the impact AI can have and utilize it across many areas including triage, threat detection, code review, and documentation.
• Flexibility and confidence to work across multiple security domains - We’re a small team responsible for Security at a fast moving company and you’ll get exposure to many different security domains; you could be assisting with refining and investigating corporate IT security processes in the morning, reviewing a cloud hosted system after lunch and then tweaking detection rules!
• Work effectively as part of a team - Security is a team sport and you understand the need to build relationships and trust across the organization to enhance Karbon’s security posture. You are happy to answer questions and offer advice to teams that will reach out for your assistance.
• Own your work - You take pride in your work, feeling a deep sense of responsibility for the products we develop and ensuring we keep our customers' valuable data secure. This sense of ownership is paramount, and you share this commitment.
• Bring your passion and personality - Your creativity, curiosity, and authentic self make the team stronger. If you've worked in highly political environments, you'll find our culture, free from office politics and valuing openness and authenticity, a refreshing change.
• Help us measure improvement and steer our roadmap - Contribute to Security Metrics so we can track progress and feedback into our roadmap.

What Sets You Apart

4+ years experience in a security or development role across most of the following:

• Collaborating with teams to review designs & implementations for security issues and embedding good security practices across software development
• Triaging issues and reports, assisting teams to remedy items and testing fixes
• Working with external penetration test companies to validate and prioritize findings
• Conducting risk and vulnerability assessments of web applications and APIs and third party suppliers and integrations
• Configuring and tuning SAST, SCA and DAST Tooling
• Working with build/deployment pipelines to incorporate security tooling (Github Actions or Azure Devops YAML based pipelines)
• Assisting with implementing security focused alerting and detections and automations
• Conducting and facilitating organizational & developer focused security training
• Assisting with operational security items such as EDR alerts and MDM
• Contributing to our security roadmap

In addition you’ll need:

• Strong communication skills (spoken and written) 
• Some of the following Languages/Frameworks: Microsoft .NET/C#, JavaScript (we use React and EmberJS frameworks and, Python)
• At least one cloud platform: Azure, AWS or GCP (we use Azure predominantly)
• Working knowledge of PowerShell or Bash and Python
• Working knowledge of at least one AI development tool e.g. Claude Code, GitHub Co-Pilot etc
• Portswigger Burp or similar
• Certifications such as Offsec OSCP & AWAE, GIAC, Burp Practitioner, PJPT, Microsoft/AWS development and cloud related are nice to have
• Experience with securing AI applications, systems and AI tooling would be highly regarded

Why Work at Karbon?

• Gain global experience across Australia, New Zealand, UK, and Canada
• Strong benefits package including:
• Flexible Time Off with an encouraged 4 weeks use per year
• Company paid medical for you and eligible spouse/partner and dependents
• Paid dental and vision and eligible spouse/partner and dependents
• 401(k) with company matching
• Flexible Spending Account
• Up to 8 weeks paid parental leave
• Work-from-home stipend
• Work with (and learn from) an experienced, high-performing team
• A collaborative, team-oriented culture that embraces diversity, invests in development and provides consistent feedback
• Be part of a fast-growing company that firmly believes in promoting high performers from within

At Qualia, we've built the leading B2B real estate technology that transforms the home buying and selling experience into a simple, secure, and enjoyable process. Our SMB and Enterprise products bring together users from across the real estate ecosystem---homebuyers and sellers, lenders, title and escrow agents, and real estate agents---onto a single shared digital closing platform, providing greater clarity and transparency to real estate transactions. Today, through our business customers across the country, millions of consumers use Qualia to close on homes every year.

WHAT YOU'LL WORK ON

We are hiring an entrepreneurial Engineering Manager to lead Qualia's Application Security team. This is a builder's role. You won't just run a team - you'll redesign how a modern AppSec function operates when AI can do the first pass on nearly everything we used to do by hand.

The team today owns secure design reviews, vulnerability triage, internal penetration testing, incident response support, and security tooling across a JavaScript/NodeJS and Kubernetes stack. Your mandate is to scale that surface area vertically - growing output and coverage per engineer - by making AI-assisted workflows the default. That means automated pen testing pipelines, AI-driven triage of findings from SAST/DAST/SCA, agentic review of engineering proposals and design docs, and continuous red-teaming exercises that test both our systems and our assumptions.

You'll partner closely with Platform, Infra, and product engineering leaders to embed security earlier in the development lifecycle, and you'll be the team's voice when we set the security vision for the next two years - including anomaly detection across production traffic, model-driven threat hunting, and how we defend against (and responsibly use) AI-enabled attackers.

Securing that platform - the money, the identities, and the documents flowing through it - is what the Application Security team does every day. We're hiring an Engineering Manager to lead this team into its next chapter: one where AI is a force multiplier for every part of our security program.

RESPONSIBILITIES

• Lead and grow the Application Security team - coaching senior AppSec engineers, setting goals, and owning delivery against the security roadmap
• Build the automated pen-testing program. Stand up pipelines that run continuous, AI-assisted offensive testing against our services, APIs, and web properties - and turn the output into a triaged, actionable queue
• Scale triage with AI. Design the workflows and tooling that let the team handle 10x the volume of findings (bug bounty, scanner output, customer reports) without 10x the headcount
• Review engineering proposals. Sit at the front of the design process with engineering leaders across Core, Clear, Shield, Connect, and Atlas - reviewing RFCs and proposals, flagging risk early, and helping teams ship securely by default
• Run red-teaming exercises. Drive recurring red team engagements - both internal exercises and coordinated vendor work - and close the loop into detection, response, and product hardening
• Own the AppSec vision. Partner with the leadership team to set multi-quarter strategy across anomaly detection, threat modeling, and AI-augmented defense
• Fight fires when they happen. Lead incident response from the application security side, and be the person engineering trusts to make the call in the room
• Mentor and hire. Recruit strong AppSec engineers, mentor the ones you have, and build a team culture where people are pushed and supported in equal measure

YOUR BACKGROUND THAT LIKELY MAKES YOU A MATCH

• 5+ years as a security or full-stack engineer working on production systems, with 2+ years managing a security or platform engineering team
• Hands-on depth in application security: threat modeling, code review, and at least one offensive-security discipline (pen testing, red team)
• Track record of shipping automation that changed how a team worked - ideally including meaningful use of LLMs, agents, or ML in a security or engineering workflow
• Comfort operating across the full security lifecycle: prevention, detection, response, and recovery
• Strong written communication. You can write the design doc, the post-mortem, and the board-ready summary - and you can tell a product engineer why their proposal needs to change without shutting down the conversation
• Keen product sense and a bias toward measurable impact. You care whether the risk actually went down, not whether a ticket got closed
• Experience in fintech, real estate tech, or another regulated, high-liability domain preferred

NICE TO HAVE

• Background designing or operating anomaly-detection systems on production traffic, auth logs, or financial transactions
• Published research, CVEs, or conference talks in AppSec, offensive security, or AI security.
• Familiarity with the evolving landscape of AI-enabled offense (prompt injection, model abuse, agent exploitation) and defense

THE TECH STACK YOU'LL USE

• JavaScript / NodeJS / Typescript  / Meteor
• Microservice architecture / Kubernetes Operators
• AWS
• MongoDB
• Modern AppSec tooling: SAST/DAST/SCA and an expanding AI-assisted security automation layer that you'll help build

While this role is remote work eligible, we have three office locations: San Francisco, California; Concord, New Hampshire; and Austin, Texas.

This role has a base annual salary of $210,000-$240,000 plus a competitive equity and benefits package. (Salary to be determined by relevant experience, location, knowledge, and skills of the applicant, internal equity, and alignment with market data.)

WHY QUALIA

Qualia is made up of incredibly bright, mission-driven coworkers who are passionate about using technology to solve real-world problems---and we're growing quickly. In order to continue building an engaging and dynamic organization, we're committed to giving everyone the support they need to do great work.

Our benefits package is designed to allow our team members to be their best selves, both in and out of the workplace. In addition to comprehensive health plans, a 401k program, and commuter benefits, we prioritize family and personal well-being through professional development, parental leave, and a flexible time off policy. Qualia offers a robust online onboarding program to train new hires, biweekly all hands meetings, and a variety of internal virtual events to keep employees connected.

We believe diverse perspectives and backgrounds are critical to building great technology, and our goal is to cultivate an environment where people feel equally valued and respected. Qualia is proud to be an equal-opportunity workplace, and we welcome applicants from all backgrounds regardless of race, color, ancestry, religion, gender identity or expression, sexual orientation, marital status, age, citizenship, socioeconomic status, disability, or veteran status.

By submitting your application, you acknowledge and agree to the collection, processing, and use of your personal information as described in our Employee Data Privacy Notice.

#LI-Remote

We are looking for an Application Security Engineer to work with our engineering team to ensure security is an integral part of our Software Development Lifecycle (SDLC). In this role, you’ll have the chance to use your security and software development background to protect patients as we build products that leverage AI to improve healthcare. If you enjoy working with talented engineers to solve complex technical challenges and want to see your work make a direct difference in patient outcomes, we encourage you to apply. This role is a hybrid, requiring three days a week in our San Francisco office.

What You’ll Do:

• Partner with the engineering team to provide hands-on technical guidance to software developers throughout the vulnerability remediation lifecycle. Perform secure code reviews, validate false positive determinations, coach developers on effective remediation strategies, threat model our products and carry out essential parts of a secure SDLC.
• Drive vulnerability identification using SAST, DAST, SCA and in-house AI tooling and manage external penetration testing.
• Support engineering team on vulnerability management, including risk assessment, remediation, improving identification of vulnerabilities and translate security and privacy requirements into technical requirements.
• Build security awareness through training on secure coding practices, security standards and latest security threats.

What You Bring:

• Security Communication – Ability to reason about risk in complex environments and communicate that risk to technical and non-technical audiences. Experience leading training, speaking internally/externally about security projects valued.
• Programming Skills  – Experience writing and maintaining code in at least one modern programming language and with at least one scripting language (Heartflow uses C++/Python). Comfortable with testing frameworks and CI/CD pipelines.
• AI Development Tools – Experience using AI code tools such as Claude Code and Github Copilot for development and security testing.
• Education & Experience  – BS in Computer Science (or related degree) or relevant certifications and equivalent experience. 5+ years of total experience with at least 1 year working in Application Security or performing security tasks in a development role.
• Securing SDLC – Have contributed to secure SDLC activities, including threat modeling, code review, security testing and vulnerability management.
• Knowledge of Modern AI Security Threats – Experience working with or ability to discuss current AI threats for both machine learning and generative AI.

What Helps You Stand Out:

• Healthcare Experience – Current knowledge of HIPAA, HITRUST and the complexities of working in a regulated environment. Experience with Software as a Medical Device (SaMD) is especially valuable.
• Infrastructure as Code & Cloud – Familiarity with AWS (or equivalent cloud providers) and configuration tools (Terraform, Chef, Ansible). Experience with containerization (Docker, Kubernetes) and orchestration (GitHub Actions or similar).

A reasonable estimate of the base salary compensation range is $145,000 to $180,000 per year, bonus, and equity. #LI-IB1

Red Team Security Engineer

Astranis is looking for a Red Team Security Engineer who thinks like an adversary and views security as an art form. Our ideal candidate thrives on the challenge of finding novel ways to bypass defenses and has a natural talent for uncovering hidden attack paths. We need a creative, persistent, and resourceful individual who can emulate real-world threat actors, testing our resilience from every angle—cyber, physical, and human. This role is for the hacker at heart, dedicated to making our defenses stronger by proving where they can be broken.

Role

• Actively devise and execute sophisticated, multi-stage attack campaigns that emulate the tactics, techniques, and procedures (TTPs) of relevant threat actors.
• Identify and exploit vulnerabilities across the organization's digital and physical landscapes, including networks, applications, facilities, and personnel.
• Conduct covert red team operations, including network penetration testing, application security assessments, social engineering, and physical security breach simulations.
• Lead and participate in purple team exercises, working collaboratively with the blue team to analyze attack paths, test detection capabilities, and improve incident response playbooks in real-time.
• Assess the effectiveness of remediation efforts by re-testing identified vulnerabilities and attack paths after fixes have been implemented.
• Develop custom tooling and scripts to automate and enhance attack simulations.
• Create detailed post-engagement reports that clearly document findings, articulate business risk, and provide actionable recommendations for improving security posture.
• Act as the resident subject matter expert on offensive security and threat actor methodologies.

Requirements

• 3+ years of experience in an offensive security role (e.g., Red Teaming, Penetration Testing).
• Proven experience in planning and executing covert red team operations from reconnaissance to objective completion.
• A deep understanding of attacker TTPs and frameworks like MITRE ATT&CK.
• Proficient in at least one scripting language, such as Python, for tooling and automation.
• Hands-on experience with common offensive security tools (e.g., Cobalt Strike, Metasploit, Burp Suite, custom implants).
• Strong analytical and problem-solving skills with a creative and unconventional mindset.
• Ability to work both independently and collaboratively in a team environment.
• Excellent written and oral communication skills, with the ability to articulate complex technical risks to both technical and non-technical audiences.
• Don’t meet all the requirements? Not a problem. Please apply anyway.

Bonus

• Any relevant certifications such as OSCP, OSCE, or OSEP.
• Experience with physical security assessments or social engineering campaigns.
• Previous experience building and running a red team program.

About the Team

The Information Security organization at Postman operates across three pillars: Governance Risk & Compliance (GRC), Product Security, and Security Operations. We are a team of builders, not checkbox-checkers. We hold active SOC 2 Type II, ISO 27001, ISO 42001, and HIPAA compliance postures, and we are pursuing FedRAMP High and CMMC Level 2 authorization. Our security stack includes Wiz, SentinelOne, Okta, Jamf, and 1Password, and we operate across a multi-cloud environment.

The Offensive Security team is the "red" pulse of this organization. We don't just find bugs — we simulate the adversary to ensure our defenses hold up under real-world pressure. We focus on continuous security validation, AI-augmented adversary emulation, and offensive AI security research at Postman's scale.

The Opportunity

We are looking for a Senior Manager, Offensive Security who is as much a strategist as they are a hacker. You will own the strategic direction of Postman's offensive security program — including building out a dedicated Offensive AI Security capability from the ground up — and operate as a key partner to CISO leadership on threat-informed defense strategy.

This is not a role where you inherit a mature program and keep the lights on. You will shape what offensive security looks like at Postman for the next three years, with a specific mandate to make us an industry leader in adversarial testing of AI systems, agentic workflows, and LLM integrations.

You will lead a team that doesn't just "report" vulnerabilities but "demonstrates" them, using live exploits to build a deep, visceral security culture across the entire engineering organization.

What You’ll Do

Strategy & Program Ownership

• Set Strategic Direction: Define and execute the multi-year offensive security roadmap, aligning Red Team, Purple Team, and continuous validation capabilities to Postman's evolving threat landscape and business priorities.

• Build the Offensive AI Security Practice: Stand up and scale a dedicated offensive capability targeting AI/ML systems. This includes adversarial testing of LLM integrations, agentic workflows (MCP, tool-use chains), RAG pipelines, and model-serving infrastructure. You will define the methodology, tooling, and engagement frameworks from the ground up.

• Develop AI Threat Intelligence: Track and operationalize the rapidly evolving AI threat landscape — OWASP LLM Top 10, MITRE ATLAS, emerging attack research on agentic systems — translating external research into internal red team playbooks and detection hypotheses for Security Operations.

Hands-On Technical Leadership

• Red Team AI Systems at Depth: Go beyond checkbox assessments. Lead structured adversarial campaigns against Postman's LLM deployments, AI agents, and model pipelines — targeting prompt injection, tool-use abuse, data exfiltration via context manipulation, training data poisoning, model manipulation, and trust boundary violations in multi-agent architectures.

• Architect Autonomous Testing: Design and deploy AI-based penetration testing platforms and autonomous agents to perform continuous security validation across our API ecosystem.

• Continuous Validation: Move from manual pentesting to Continuous Offensive Security, integrating automated breach and attack simulation (BAS) into CI/CD pipelines, including AI model deployment pipelines.

People Leadership

• Lead & Cultivate: Build, manage, and scale a high-performing team of offensive security engineers — including specialized AI red team operators — providing mentorship, career development, and succession planning.

• Recruit for the Future: Identify and hire talent at the intersection of offensive security and AI/ML — a rare and competitive talent market. Build a pipeline that includes internal development paths for existing security engineers to cross-skill into AI red teaming.

Communication & Influence

• Drive Security Culture through "The Show": Lead live "Exploitable Demonstrations" — technical proof-of-concepts presented to engineering teams that show exactly how a vulnerability could be leveraged, turning abstract risks into tangible learning moments. Place particular emphasis on demystifying AI-specific attack vectors for non-ML engineers.

• Executive Communication: Translate offensive findings into business-level risk narratives for executive leadership, the board, and external stakeholders. Partner with GRC on audit evidence and compliance posture derived from offensive operations, including AI-specific risk frameworks (ISO 42001).

• Cross-Functional Partnership: Operate as a senior technical leader across Product Security, Security Operations, and Engineering, ensuring offensive findings — especially from AI red team engagements — drive measurable improvements in detection, response, and architecture.

About You

• Experience: Minimum of 8 years in offensive security (penetration testing, red teaming, vulnerability research, or exploit development) with at least 4 years in a people management or leadership capacity, including experience managing managers or tech leads.

• AI/ML Offensive Depth: Demonstrated experience attacking AI/ML systems — whether through adversarial ML research, LLM red teaming, agentic system exploitation, or building offensive tooling for AI targets. You understand the difference between prompt injection and indirect prompt injection, know what a tool-use confusion attack looks like, and can articulate why RAG poisoning is a supply chain problem.

• Strategic Acumen: Demonstrated ability to build and scale an offensive security program from the ground up or significantly mature an existing one. Experience setting OKRs, managing budgets, and presenting to executive leadership.

• Adversarial Mindset: Deep understanding of the modern threat landscape and how to apply it to cloud-native, API-first environments — extended to AI-native architectures.

• AI Offensive Tooling Fluency: Hands-on experience with AI-augmented pentesting tools (e.g., PentestGPT, Horizon3, custom LLM-based fuzzing) and purpose-built AI red team frameworks (e.g., Microsoft PyRIT, Garak, custom harnesses). Understanding of how to manage non-deterministic AI outputs in both offensive tooling and target systems.

• Pragmatic Storytelling: You believe that a well-executed exploit demo is more effective than a 50-page PDF. You can present a complex exploit chain — including an AI-specific attack path — to a room of developers in a way that is inspiring, not condescending.

• Engineering Fluency: You prefer building an automated "exploit-as-code" validator over performing the same manual test twice. You can architect evaluation harnesses and adversarial test suites for ML models.

Preferred

• Industry Presence: Track record of contributions to the offensive security or AI security community — conference talks (DEF CON, Black Hat, BSides, RSA), tool releases, published research, CVEs, or active participation in OWASP, MITRE, or similar working groups.

• Certifications: OSCP, OSCE, OSEP, GXPN, GPEN, CRTP, or equivalent hands-on offensive certifications. AI/ML-specific credentials (e.g., GIAC GMAI) are a differentiator.

• Cloud Security Expertise: Deep familiarity with AWS security primitives, cloud-native attack paths, and container/Kubernetes exploitation.

• API Security Depth: Experience with API-specific attack methodologies — BOLA, BFLA, mass assignment, GraphQL abuse, gRPC exploitation — reflecting Postman's core product domain.

• Compliance Awareness: Familiarity with how offensive security outputs map to SOC 2 Type II, ISO 27001, ISO 42001, FedRAMP, or CMMC control evidence. You don't run GRC, but you know how to feed it.

The reasonably estimated base salary for this role ranges from $275,000 to $300,000, plus a competitive equity package. Actual compensation is based on the candidate's skills, qualifications, and experience. 

MKTQ125R59

Databricks is seeking a Director, Paid Media to lead our global media planning function and define how paid media supports brand awareness, demand generation, and pipeline growth across the full funnel. 

You will lead a team of global media planners to develop audience-first, account-focused strategies that engage both technical practitioners and executive decision-makers across priority accounts. This highly cross-functional role partners closely with Corporate Brand, Product Marketing, Integrated Campaigns, Field Marketing, Analytics, and external agencies to deliver cohesive, data-driven media strategies at scale.

The impact you will have:

• Guide the development of cross-channel media strategies that deliver measurable year-over-year increases in brand awareness, target account engagement, and pipeline contribution across integrated campaigns and priority product areas.
• Build and scale a high-performing global media strategy organization by hiring and developing top talent, increasing talent density, scalability, and strategic output over time.
• Create an environment of continuous learning with clear expectations, coaching, and growth opportunities, resulting in improved team performance, stronger bench strength, and readiness to support evolving business priorities.
• Establish and scale global media planning frameworks, processes, and best practices that improve consistency and efficiency across regions and campaigns, reducing planning cycle times and increasing adoption of standard methodologies.
• Align media investment strategy and budget allocation to business goals so that a greater share of spend is directed toward the highest-impact audiences, channels, and programs, improving return on media investment and pipeline efficiency.
• Ensure media strategies are grounded in strong audience insights and aligned to key practitioner and executive personas, increasing reach, penetration, and engagement within priority accounts.
• Implement consistent global measurement frameworks and executive-ready reporting in partnership with Analytics, improving visibility into media’s contribution to pipeline and revenue and enabling faster optimization cycles.
• Model and reinforce Databricks’ culture principles while staying ahead of evolving media trends and best practices through a structured test-and-learn agenda, resulting in a collaborative, high-performance team and continuous improvements in overall media effectiveness.

What we look for:

• 10+ years of experience in media strategy, digital marketing, or integrated marketing in a B2B environment within SaaS or enterprise technology.
• Proven experience leading global media planning efforts across multiple channels and funnel stages, with demonstrated impact on pipeline, engagement, or revenue metrics.
• Demonstrated experience hiring, developing, and managing teams of individual contributors, including early and mid-career talent, with a track record of building high-performing teams.
• Strong understanding of full-funnel marketing measurement, including brand, demand, pipeline, and revenue metrics.
• Ability to set clear objectives, prioritize effectively, and empower teams to deliver results with autonomy.
• Strong collaboration and influencing skills, with experience driving alignment across matrixed organizations.
• Excellent analytical skills with the ability to translate complex data into clear strategic recommendations that drive business decisions.
• Familiarity with modern media platforms, AdTech, and measurement tools.

Social Finance, LLC seeks Cybersecurity Architect in San Francisco, CA: 

Job Duties: Be an Cybersecurity architect evangelist who can translate security concepts into language that is meaningful to our product teams and engineering. Integrate new and existing security tools, standards, and processes into the development life cycle. Develop Security test plans for new products. Design security solution blueprints that meet the system needs. Automate security checklists and implement them as "security as code" using cloud services and CICD components. Advise on the secure design of product and application architecture; communicate security requirements with well-defined user stories and initiatives and epics. Review new features, product offerings and perform threat modeling in a continuous delivery agile environment. Conducts business level security architecture assessments to features product security program and cloud application architecture, identify weaknesses, and make recommendations. Work with our risk and compliance organization to provide input to security risk impact assessment. Contribute to security policy, standards, and guidelines related to Information Security. Work with engineering teams, to ensure that application security risks are effectively identified using market leading tools SAST, DAST, SCA, etc and appropriately addressed while maintaining a balance between security usability. Architects, designs, prioritizes, coordinates, and communicates the security technologies necessary to ensure a highly secure yet usable computing environment. Provide subject matter expertise on encryption, security controls, secure design and programming practices across the Technology organization. Full time telecommuting is an option.

Minimum Requirements: Bachelor’s degree (or its foreign degree equivalent) in Computer Science, Engineering (any field), or a related quantitative discipline, and three (3) years of experience in the job offered or in any occupation in related field.

Special Skill Requirements: (1) Penetration Testing; (2) Vulnerability Assessment: (3) Secure Code Review; (4) Spring Boot; (5) SQL; (6) Wireshark; (7) Java, J2EE and Python; (8) MVC frameworks; and (9) Application Servers, Web Servers and Databases. Any suitable combination of education, training and/or experience is acceptable. Full time telecommuting is an option.

Salary: $250,000.00 - $275,000.00 per annum & standard company benefits.

Submit resume with references using the apply button on this posting or by email to: Req.# 154.2 at: ATTN: HR, jobadverts@sofi.org.

#LI-DNI

Job Description: 

The Key Account Manager (KAM) will be the face of Heartflow within a specific geographic region. The KAM will sell and promote Heartflow’s FFRct product by expanding usage in current key accounts. The Heartflow analysis is a first-of-its-kind noninvasive technology that helps clinicians diagnose and treat patients with suspected coronary artery disease (CAD).

Job Responsibilities:

• Drive penetration of Heartflow’s technology within existing accounts
• Maintain and build relationships with referring physicians’ other key clinical stakeholders within the assigned geography to grow and develop business within existing accounts
• Promote / champion Heartflow and build advocacy
• Drive sales of Heartflow’s technology at expansion sites within the key account, including prospecting, quoting, and closing new business
• Develop a pipeline of opportunities within the assigned key account
• Schedule sales calls to meet with current and potential customers
• Manage the sales process of Heartflow into new
• Build and maintain relationships with Interventional Cardiologists, Cardiologists, Radiologists, Administrative and other key clinical stakeholders (and other key decision makers) to grow and develop business
• Educate customers on Heartflow’s value proposition by giving presentations / having discussions with key decision makers
• Be accountable to achieve sales goals in the assigned geography
• Collaborate with the commercial team to develop detailed plans / strategies for Heartflow adoption and penetration within the assigned account
• Coordinate priorities / activities of a team that include business development managers, CT specialists, and payor relations managers (and others) to drive sales, increase adoption, and deliver excellent customer service
• Drive account business through regular communications with your team
• Develop volume/revenue forecasts in your assigned account through participation and leadership in forecasting roll-up calls
• Gather “voice of customer” input to guide product development and market strategy. The Key Account Manager will be expected to develop extremely deep relationships with key customers throughout the account
• Utilize salesforce.com to manage all facets of business (sales leads, activities, etc.)
• This is a home-based position with up to 80% travel

Skills Needed:

• History of proven sales skills and sales achievements
• Have worked at Heartflow in a sales/sales support role for at least 2 years.
• Knowledge/experience developing and implementing go-to-market plans for new diagnostic or therapeutic areas
• Deep understanding of cardiovascular disease and relationships with practitioners in this area in your assigned region
• Knowledge/experience in physician education regarding new technologies
• Knowledge/experience creating tactical sales plans for segmentation and anticipated adoption of Heartflow technologies
• Technical aptitude; able to discuss / explain a complex technology
• Experience with Salesforce.com or similar CRM 
• Excellent leadership, team building, and communication skills; ability to work in a fast-paced adaptive environment; self-starter and strong team player required

Educational Requirements & Work Experience: 

• BA Degree
• 8+ years of healthcare and/or business-to-business sales experience in a cardio/cardiovascular environment is required. Medical device sales experience required
• Knowledge of CT a plus

The total target compensation for this role is $235,000. Heartflow offers a robust benefits package. #LI-KS1

Position Overview

We are seeking a proficient Embedded Security Engineer to join our team and contribute to the protection of our models deployed on robotic hardware. You will be responsible for conducting comprehensive threat modeling and security assessments, as well as supporting our engineering teams in adhering to established security standards and requirements. This role involves both software engineering techniques and deep learning methods to encode/encrypt trained models. A blend of technical acumen and collaborative skills is essential, as you will develop solutions to identified risks, write test cases for security controls, and actively participate in offensive security assessments.

Responsibilities

• Conduct detailed threat modeling and security assessments of critical assets.
• Regularly update threat models to reflect evolving threats and changes in the business environment.
• Identify and explore vulnerabilities in critical software components used across our environment.
• Create and implement technical solutions to mitigate identified risks, and maintain test cases to ensure the effectiveness and resilience of the solutions.
• Collaborate with engineering teams to ensure compliance with defined security standards and requirements.
• Provide support in the implementation of security measures.
• Lead penetration tests and red team exercises.

Preferred Qualifications

• BS, MS or higher degree in Computer Science, Robotics, Engineering or a related field, or equivalent practical experience.
• Proficiency developing higher-level languages (e.g., PHP, Python, C++, or Java).
• Experience with deep learning software, frameworks, and APIs (e.g., PyTorch, etc.).
• Experience with enterprise security.
• Proven experience in threat modeling, security assessments, and penetration testing.
• Strong understanding of cybersecurity principles, frameworks, and standards.
• Understanding and experience with securing transfer and storage of deep neural network models.

About the Team

The Security Engineering team's mission is to safeguard our AI systems and maintain the trust of our users and society at large. Whether we're developing critical security infrastructure, building secure development practices, or partnering with our research and product teams, we are committed to operating as a world-class security organization and keeping the safety and trust of our users at the forefront of everything we do.

What You’ll Do:

• Conduct red and purple team engagements simulating advanced threat actors across our cloud infrastructure, endpoints and bare metal deployments.
• Penetration test specific, high value deployments.
• Contribute to AI-assisted security testing tooling and workflows.
• Work cross functionally with other security and engineering teams, particularly on AI-specific attack scenarios.
• Document and present findings to technical and executive audiences, translating attack narratives into actionable risk insights that inform security roadmaps.

Who You Are:

• 5+ years of hands-on experience in red teaming and offensive security operations
• Deep expertise in at least two of: macOS security, Linux Security, Cloud security (GCP/AWS/Azure), Kubernetes, CI/CD pipelines
• Track record of discovering novel attack vectors and chaining vulnerabilities creatively
• Experience conducting adversarial simulations against well-defended environments
• Strong engineering skills (Python, Go, or similar)
• Ability to write clear findings that drive action, helping teams understand risk and prioritize fixes
• Collaborative approach, working in close collaboration with the blue team

Strong candidates may also have experience with:

• Prior work at organizations with state actor threat models
• Interest in AI safety and how security engineering contributes to responsible AI developments
• Background testing AI/ML systems or agentic workflows
• Familiarity with detection engineering and SIEM/EDR platforms from the defensive side
• Experience with data center security or hardware-based attacks

Deadline to apply: None. Applications will be received on a rolling basis.

About the Role

The Security Engineering team at You.com is dedicated to enabling engineering teams to securely design, build, test, and maintain the software and infrastructure that powers the company’s platforms. The team establishes a "paved road" approach, ensuring engineers can deliver secure technologies with minimal friction while maintaining a strong focus on protecting the business, earning customer trust, and fostering a culture of security, transparency, and shared responsibility. Reporting to the Head of Security, this role will champion security across You.com, driving continuous improvement and empowering teams to build trusted, resilient services.

Responsibilities

• Act as a security subject matter expert to support engineers through design reviews, threat modeling, code reviews, patch creation, and security testing.
• Collaborate with product and engineering teams to architect resilient, security-first services.
• Engineer and implement secure, scalable, and resilient systems.
• Develop and customize high-signal security tooling through automation and plugins.
• Manage day-to-day security tasks, including abuse remediation, threat research, and incident handling.
• Participate in on-call rotations and incident response efforts to ensure platform and customer security.

Qualifications

• • Experience: 9+ years in security roles across disciplines such as application security, DevOps, security operations, software engineering, red teaming, incident response, security research, and AI security.
  • Technical Skills: Proficiency in programming languages like JavaScript, Python, and Terraform. Expertise in AWS cloud services, GitHub, Google Workspace, and Kubernetes.
  • Security Expertise: Hands-on experience in threat modeling, penetration testing, creating security requirements, conducting source code reviews, leading security design reviews, incident response, and securing cloud environments.
  • Collaboration & Ownership: Self-motivated, collaborative, and skilled at prioritizing work. A strong advocate of ownership, capable of managing problems end-to-end individually or within a team.
  • Security Program Management: Proven experience managing security programs with a focus on partnership and enablement.

This role is instrumental in empowering You.com’s security mission while enabling the team to deliver secure, cutting-edge technologies.

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than a quarter of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies. Our managed service platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others. For more than 16 years, we've been contributing and giving back to the security community. We’ve published more than 16 open source tools and 50 security advisories in the last five years alone. Learn more at bishopfox.com or follow us on social media.

Who You Are 

This isn't just another engineering role. You'll be joining what's essentially a startup within Bishop Fox – all the innovation and rapid iteration of an early-stage venture, powered by the resources and reputation of an established security leader.  

You are an experienced AI engineer who thrives on building real systems that operate in messy, unpredictable environments. You care deeply about reliability, evaluation, and scale—not just whether something works once, but whether it works consistently in production. 

Your mission? Build autonomous AI agents that identify genuine vulnerabilities in production applications, capable of thinking, adapting, and hacking like the world's top penetration testers.  

What You Will Do 

Pioneer AI-Driven Security Testing  

• Design and build intelligent autonomous security testing agents using large language models and cutting-edge AI/ML techniques  

• Create systems that can autonomously perform reconnaissance, identify vulnerabilities, and execute sophisticated attack chains 

• Push the boundaries of what's possible when artificial intelligence meets offensive security  

• Build robust planning, tool-use, and failure-handling mechanisms for agents operating in real-world, unpredictable applications 

Revolutionize Pen testing at Scale  

• Develop services that think and act like elite attackers, but operate 24/7 across thousands of targets  

• Transform manual testing processes into intelligent, scalable automation pipelines  

• Build systems that continuously evolve and improve their attack strategies  

• Implement long-running agent memory and context management so agents retain state, avoid redundant actions, and accumulate application knowledge 

Integrate with Enterprise-Grade Infrastructure  

• Connect your AI agents into Bishop Fox's Cosmos cloud platform  

• Scale your creations to serve Fortune 100 clients with enterprise-level reliability  

• Design architectures that can handle massive concurrent testing operations  

• Develop browser and application interaction infrastructure that enables agents to navigate, interact with, and test modern web applications 

Experiment & Innovate Rapidly  

• Prototype breakthrough approaches to AI-driven security testing  

• Build sophisticated feedback loops that make your agents smarter over time  

• Implement safety mechanisms and ethical guardrails for responsible AI deployment  

• Measure, iterate, and continuously enhance agent performance  

• Design evaluation and monitoring systems that distinguish real vulnerabilities from false positives or hallucinated findings 

Collaborate with Elite Security Minds  

• Work directly with world-class penetration testers and security researchers 

• Partner with data scientists and AI specialists to solve novel technical challenges  

• Contribute to a team culture where hacking expertise meets cutting-edge artificial intelligence  

• Apply real-world production feedback from customer environments to refine agent behavior and system reliability 

Your Experience  

• 5+ years of software engineering experience with a track record of shipping production systems  

• Deep AI/ML expertise – hands-on experience with LLMs, agent frameworks (LangChain, AutoGPT, CrewAI), or autonomous AI systems  

• Advanced programming skills in Python and Golang with clean, scalable code practices  

• Full-stack capabilities – comfortable building robust APIs, designing database schemas, and working with modern frontend frameworks (React/TypeScript experience valued)  

• Practical experience designing, evaluating, and improving agent reliability, including handling failures, edge cases, and non-deterministic behavior 

• Experience with cloud platforms (AWS, GCP, or Azure) and containerization (Docker/Kubernetes)  

• Understanding of CI/CD pipelines and DevOps practices for reliable deployments  

• Ability to architect systems that can scale from prototype to enterprise-grade solutions 

•  Must be based in the San Francisco Bay Area; remote-first with occasional, ad hoc in-office meetings only when necessary. 

The Right Mindset  

• Portfolio over pedigree – we care more about what you've built than where you learned it  

• Excitement about autonomous systems and AI agents that can operate independently  

• Comfort with ambiguity and rapid iteration in a fast-moving environment  

• Strong judgment in choosing the right tools, models, and architectural approaches for real-world constraints 

Bonus Multipliers  

• Experience in penetration testing, red teaming, ethical hacking, or security research  

• Understanding of common vulnerabilities, attack vectors, and security frameworks  

• Knowledge of security tools and methodologies (but we'll teach you what you don't know!)  

• Open-source contributions, especially in AI/automation or security domains  

• Hackathon victories or compelling side projects that demonstrate your creativity  

• Experience in startup environments or greenfield product development  

• Publications, talks, or thought leadership in AI or security communities  

• Familiarity with multi-agent systems, reinforcement learning, or swarm intelligence  

• Experience with vector databases, RAG pipelines, or advanced prompt engineering  

• Understanding of AI safety, alignment, and responsible AI development practices  

Our Values  

We strive to live by our values every day, in support of our core tenets, which are to deliver the highest quality of work for our clients, quality of life for our team, and quality of business for our industry and our future.  

• Be Excellent to Each Other 

• Do the Right Thing  

• Do What You’ll Say You’ll Do  

• Get Better Together  

• Give a Sh*t  

We offer a variety of benefits and perks, such as:  

• Generous Time Off and Company-Wide Holidays  

• Health Insurance options including Medical, Dental, Vision  

• Retirement; 401k matching for Traditional and Roth accounts in the US  

• Work From Home Support  

• Monthly allowance for cell phone and internet  

• Training Budget  

• Paid Parental Leave  

Bishop Fox is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  All new hires must pass a background check as a condition of employment.  

Interested? Apply today!

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than a quarter of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies. Our managed service platform, service innovation, and culture of excellence continue to gather accolades from industry award programs, including Fast Company, Inc., SC Media, and others. For more than 16 years, we've been contributing and giving back to the security community. We’ve published more than 16 open source tools and 50 security advisories in the last five years alone. Learn more at bishopfox.com or follow us on social media.

Who You Are 

This isn't just another engineering role. You'll be joining what's essentially a startup within Bishop Fox – all the innovation and rapid iteration of an early-stage venture, powered by the resources and reputation of an established security leader.  

You are an experienced AI engineer who thrives on building real systems that operate in messy, unpredictable environments. You care deeply about reliability, evaluation, and scale—not just whether something works once, but whether it works consistently in production. 

Your mission? Build autonomous AI agents that identify genuine vulnerabilities in production applications, capable of thinking, adapting, and hacking like the world's top penetration testers.  

What You Will Do 

Pioneer AI-Driven Security Testing  

• Design and build intelligent autonomous security testing agents using large language models and cutting-edge AI/ML techniques  

• Create systems that can autonomously perform reconnaissance, identify vulnerabilities, and execute sophisticated attack chains 

• Push the boundaries of what's possible when artificial intelligence meets offensive security  

• Build robust planning, tool-use, and failure-handling mechanisms for agents operating in real-world, unpredictable applications 

Revolutionize Pen testing at Scale  

• Develop services that think and act like elite attackers, but operate 24/7 across thousands of targets  

• Transform manual testing processes into intelligent, scalable automation pipelines  

• Build systems that continuously evolve and improve their attack strategies  

• Implement long-running agent memory and context management so agents retain state, avoid redundant actions, and accumulate application knowledge 

Integrate with Enterprise-Grade Infrastructure  

• Connect your AI agents into Bishop Fox's Cosmos cloud platform  

• Scale your creations to serve Fortune 100 clients with enterprise-level reliability  

• Design architectures that can handle massive concurrent testing operations  

• Develop browser and application interaction infrastructure that enables agents to navigate, interact with, and test modern web applications 

Experiment & Innovate Rapidly  

• Prototype breakthrough approaches to AI-driven security testing  

• Build sophisticated feedback loops that make your agents smarter over time  

• Implement safety mechanisms and ethical guardrails for responsible AI deployment  

• Measure, iterate, and continuously enhance agent performance  

• Design evaluation and monitoring systems that distinguish real vulnerabilities from false positives or hallucinated findings 

Collaborate with Elite Security Minds  

• Work directly with world-class penetration testers and security researchers 

• Partner with data scientists and AI specialists to solve novel technical challenges  

• Contribute to a team culture where hacking expertise meets cutting-edge artificial intelligence  

• Apply real-world production feedback from customer environments to refine agent behavior and system reliability 

Your Experience  

• 7+ years of software engineering experience with a track record of shipping production systems  

• Deep AI/ML expertise – hands-on experience with LLMs, agent frameworks (LangChain, AutoGPT, CrewAI), or autonomous AI systems  

• Advanced programming skills in Python and Golang with clean, scalable code practices  

• Full-stack capabilities – comfortable building robust APIs, designing database schemas, and working with modern frontend frameworks (React/TypeScript experience valued)  

• Practical experience designing, evaluating, and improving agent reliability, including handling failures, edge cases, and non-deterministic behavior 

• Experience with cloud platforms (AWS, GCP, or Azure) and containerization (Docker/Kubernetes)  

• Understanding of CI/CD pipelines and DevOps practices for reliable deployments  

• Ability to architect systems that can scale from prototype to enterprise-grade solutions 

•  Must be based in the San Francisco Bay Area; remote-first with occasional, ad hoc in-office meetings only when necessary. 

The Right Mindset  

• Portfolio over pedigree – we care more about what you've built than where you learned it  

• Excitement about autonomous systems and AI agents that can operate independently  

• Comfort with ambiguity and rapid iteration in a fast-moving environment  

• Strong judgment in choosing the right tools, models, and architectural approaches for real-world constraints 

Bonus Multipliers  

• Experience in penetration testing, red teaming, ethical hacking, or security research  

• Understanding of common vulnerabilities, attack vectors, and security frameworks  

• Knowledge of security tools and methodologies (but we'll teach you what you don't know!)  

• Open-source contributions, especially in AI/automation or security domains  

• Hackathon victories or compelling side projects that demonstrate your creativity  

• Experience in startup environments or greenfield product development  

• Publications, talks, or thought leadership in AI or security communities  

• Familiarity with multi-agent systems, reinforcement learning, or swarm intelligence  

• Experience with vector databases, RAG pipelines, or advanced prompt engineering  
• Understanding of AI safety, alignment, and responsible AI development practices  

Our Values  

We strive to live by our values every day, in support of our core tenets, which are to deliver the highest quality of work for our clients, quality of life for our team, and quality of business for our industry and our future.  

• Be Excellent to Each Other 

• Do the Right Thing  

• Do What You’ll Say You’ll Do  

• Get Better Together  

• Give a Sh*t  

We offer a variety of benefits and perks, such as:  

• Generous Time Off and Company-Wide Holidays  

• Health Insurance options including Medical, Dental, Vision  

• Retirement; 401k matching for Traditional and Roth accounts in the US  

• Work From Home Support  

• Monthly allowance for cell phone and internet  

• Training Budget  

• Paid Parental Leave  

Bishop Fox is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  All new hires must pass a background check as a condition of employment.  

Interested? Apply today!

Bishop Fox is the leading authority in offensive security, providing solutions ranging from continuous penetration testing, red teaming, and attack surface management to product, cloud, and application security assessments. We’ve worked with more than a quarter of the Fortune 100, half of the Fortune 10, eight of the top 10 global technology companies, and all of the top global media companies. Our managed service platform, service innovation, and culture of excellence continue to gather accolades from industry award programs including Fast Company, Inc., SC Media, and others. For more than 16 years, we've been contributing and giving back to the security community. We’ve published more than 16 open source tools and 50 security advisories in the last five years alone. Learn more at bishopfox.com or follow us on social media.

Who You Are 

The Agentic AI Software Engineer – Cybersecurity Systems designs, develops, and deploys advanced AI-driven software solutions to enhance cybersecurity detection, response, analysis, and automation capabilities. This role focuses on building and maintaining agent-based artificial intelligence systems capable of autonomously generating code, conducting security analyses, triaging alerts, identifying vulnerabilities, and recommending remediation strategies, with structured human oversight and validation. 

The position requires the application of advanced knowledge in computer science, artificial intelligence, machine learning, secure software engineering, distributed systems, and cybersecurity principles. The role involves complex system design, secure AI integration, and the development of enterprise-grade security automation platforms. 

What You Will Do 

1. Design and Develop Agentic AI Systems for Cybersecurity 

• Architect and implement AI-powered systems that perform autonomous or semi-autonomous cybersecurity tasks, including vulnerability analysis, threat detection, alert triage, log analysis, and secure code review.
• Design multi-agent architectures capable of orchestrating specialized AI agents (e.g., vulnerability scanning agents, log analysis agents, exploit pattern detection agents).
• Develop retrieval-augmented generation (RAG) pipelines to enable AI systems to securely query internal knowledge bases, threat intelligence feeds, CVE databases, and security documentation. 

2. AI-Assisted Secure Code Generation & Review 

• Utilize large language models (LLMs) to generate secure software components, scripts, detection logic, and test cases.
• Review and refine AI-generated code to ensure compliance with secure coding standards (e.g., OWASP Top 10, secure SDLC practices).
• Implement automated guardrails to detect insecure outputs, prompt injection vulnerabilities, model hallucinations, and data leakage risks.
• Design validation frameworks to benchmark AI-generated security outputs against known vulnerability patterns. 

3. Human-in-the-Loop AI Governance & Model Optimization 

• Design and implement reinforcement learning from human feedback (RLHF) workflows for cybersecurity use cases.
• Develop evaluation metrics for AI accuracy in threat detection, vulnerability identification, and remediation recommendations.
• Continuously refine prompt engineering strategies, model tuning parameters, and system architecture to improve security reliability and precision.
• Implement explainability mechanisms to support auditability and defensibility of AI-driven security decisions. 

4. Secure System Architecture & Integration 

• Develop and maintain APIs and microservices to integrate AI-powered security tools into enterprise platforms.
• Architect scalable and fault-tolerant distributed systems to support real-time security event processing.
• Deploy AI-enabled services within secure cloud environments (e.g., AWS, Azure, GCP) using containerization and orchestration technologies (Docker, Kubernetes).
• Integrate AI systems with SIEM, SOAR, vulnerability management, and endpoint detection platforms. 

5. Security Engineering & Threat Modeling 

• Conduct threat modeling for AI systems to identify adversarial risks, model exploitation vectors, and prompt injection vulnerabilities.
• Implement secure authentication, authorization, encryption, and data governance controls.
• Develop safeguards to prevent misuse of AI systems in exploit development or unintended security bypass scenarios.
• Perform security reviews and penetration testing of AI-driven software components. 

6. Testing, Validation & Performance Optimization 

• Design automated test pipelines for AI-driven security workflows.
• Conduct adversarial testing to evaluate resilience against malicious inputs.
• Monitor system performance metrics (latency, false positive rates, detection accuracy).
• Optimize inference pipelines and distributed systems for reliability and scalability. 

7. Documentation & Cross-Functional Collaboration 

• Produce detailed architectural documentation for AI security systems.
• Collaborate with cybersecurity researchers, product teams, software engineers, and cloud architects to translate threat intelligence and security requirements into scalable AI-enabled solutions.
• Provide technical guidance on AI governance, responsible AI deployment, and secure AI lifecycle management. 

Your Experience  

• Required Education
  • Bachelor’s degree or higher in Computer Science, Computer Engineering, Software Engineering, Artificial Intelligence, Cybersecurity, Information Security, or a closely related technical field.
• Required Experience & Technical Skills
  • Strong foundation in algorithms, data structures, and object-oriented programming.
  • Proficiency in programming languages such as Python, Java, C++, or similar.
  • Experience developing AI or machine learning systems for security-related applications.
  • Experience working with large language models (LLMs) and prompt engineering techniques.
  • Experience with AI orchestration frameworks (e.g., LangChain, LlamaIndex, AutoGen, Semantic Kernel, or similar).
  • Experience implementing secure software development lifecycle (SSDLC) practices.
  • Knowledge of cybersecurity concepts including vulnerability management, threat modeling, penetration testing, SIEM/SOAR platforms, and common attack vectors.
  • Experience deploying applications in cloud environments (AWS, Azure, or GCP).
  • Familiarity with containerization and orchestration tools (Docker, Kubernetes).
  • Experience building RESTful APIs and microservices architectures.
• Preferred Qualifications
  • Master’s degree in Computer Science, Artificial Intelligence, or Cybersecurity.
  • Experience designing AI systems for automated threat detection or exploit analysis.
  • Experience with reinforcement learning, fine-tuning, or model evaluation frameworks.
  • Experience integrating AI systems with cybersecurity tooling ecosystems.
  • Familiarity with NIST, ISO 27001, or similar security standards. 

Our Values  

We strive to live by our values every day, in support of our core tenets, which are to deliver the highest quality of work for our clients, quality of life for our team, and quality of business for our industry and our future.  

• Be Excellent to Each Other
• Do the Right Thing  
• Do What You’ll Say You’ll Do 
• Get Better Together  
• Give a Sh*t  

We offer a variety of benefits and perks, such as:  

• Generous Time Off and Company-Wide Holidays 
• Health Insurance options including Medical, Dental, Vision  
• Retirement; 401k matching for Traditional and Roth accounts in the US  
• Work From Home Support  
• Monthly allowance for cell phone and internet  
• Training Budget  
• Paid Parental Leave  

Specialty Occupation Justification 

The duties of this position require the theoretical and practical application of specialized knowledge in computer science, artificial intelligence, distributed systems, and cybersecurity engineering. The design and implementation of AI-driven, agent-based cybersecurity systems necessitate advanced understanding of algorithms, machine learning methodologies, secure system architecture, threat modeling, and secure coding standards. Such knowledge is typically acquired through completion of at least a bachelor’s degree in a specific technical field such as Computer Science, Artificial Intelligence, or Cybersecurity. 

The complexity of developing autonomous AI systems that analyze vulnerabilities, evaluate exploit patterns, and integrate securely with enterprise cybersecurity infrastructure requires a highly specialized educational background and cannot be performed without advanced technical training. 

Bishop Fox is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex including sexual orientation and gender identity, national origin, disability, protected veteran status, or any other characteristic protected by applicable federal, state, or local law.  All new hires must pass a background check as a condition of employment.