Director of Information & Application Security

Join Our TeamFieldwire is actively seeking a talented and seasoned Director of Information Security to enhance our team. As a premier provider of Construction Software solutions, we pride ourselves on delivering top-notch security measures. This pivotal role is classified as Line of Defense 1, where you will spearhead the definition, ownership, and execution of our product security program, ensuring adherence to legal standards and regulatory frameworks. Ideal candidates will possess strategic thinking abilities, exceptional communication skills, and extensive expertise in product security protocols, technologies, and standards.Your ResponsibilitiesServe as the Product Business Information Security Officer for Fieldwire.Design, own, and execute a comprehensive product security enhancement plan.Evaluate and identify product security risks and vulnerabilities.Collaborate with management to embed security measures into our software products and business workflows.Provide security incident reports and mitigation strategies to management.Assist the Head of Construction Software Security & GRC in various cybersecurity initiatives.Engage closely with other Information Security Officers within Hilti, the Group CISO.Analyze evolving regulatory and legal changes (e.g., NIST, CRA, NIS2, EU AI data act), translating them into actionable requirements and overseeing their implementation.Independently manage projects pertaining to information and product security, from conception to implementation.Oversee specific security areas such as Cloud & AI Security or technical risk assessments within Fieldwire.Contribute to the ongoing enhancement of security architecture, ICS, and ICT & cyber risk management for Fieldwire.Maintain Fieldwire's SOC2 certification and support the Group's ISO27001 certification.Coordinate internal and external audits related to information and product security, ensuring the execution of resulting recommendations.

Join Cloudflare as the Senior Director of Product Marketing focused on Application Security and Performance. In this pivotal role, you will lead our marketing strategy, driving awareness and adoption of our innovative security solutions. You will collaborate closely with cross-functional teams to deliver compelling narratives that resonate with our customers and stakeholders.Your expertise will guide the development of marketing programs and sales enablement tools that showcase our competitive advantages in the market. This is an exciting opportunity to shape the future of application security and performance while working in a hybrid environment.

Role Overview Trustly is hiring a Chief Information Security Officer (CISO) based in San Francisco, CA. This senior leader shapes the company’s approach to protecting sensitive information and meeting regulatory requirements. The CISO sets the direction for security strategy and works to maintain the integrity of Trustly’s systems. What You Will Do Develop and implement security strategies that address current and emerging threats Oversee risk assessments to identify and address vulnerabilities Ensure compliance with relevant regulations and standards Promote security awareness and best practices throughout the organization Work with teams across departments to embed security into daily business operations Collaboration and Leadership This role requires close partnership with leaders and staff across Trustly. The CISO helps build a culture where security is understood and valued at every level.

About Our TeamAt OpenAI, security is a core pillar of our commitment to ensuring that artificial general intelligence is beneficial to all of humanity. Our Security team plays a crucial role in safeguarding OpenAI’s technology, personnel, and products. We focus on creating effective technical solutions while maintaining operational excellence. Our guiding principles include prioritizing impactful actions, empowering researchers, preparing for transformative technologies, and fostering a robust security culture.About the RoleAs a Security Engineer specializing in Application Security, you will be at the forefront of identifying and addressing security vulnerabilities within our software applications. Your expertise will be applied through building innovative security tools, conducting code reviews, performing penetration testing, and executing thorough security assessments.We are seeking proactive individuals who can collaborate closely with development teams to ensure the integration of secure coding practices throughout the software development lifecycle. Your role will also encompass providing security guidance to developers and stakeholders, thereby enhancing the overall security awareness across the organization.This position is ideally based in San Francisco, Seattle, or New York City, but remote work options will be considered. Our hybrid work model includes three days in-office each week, along with relocation assistance available for new hires.Key Responsibilities:Conduct Security Assessments: Regularly perform security assessments, code reviews, and penetration tests to uncover vulnerabilities in applications.Develop Security Tools: Design and implement security tools, frameworks, and methodologies to shield applications from potential threats.Collaborate with Development Teams: Partner with development teams to ensure best security practices are embedded in the software development lifecycle, including secure coding standards.Threat Modeling and Risk Management: Engage in threat modeling and risk assessments to identify potential risks early and formulate effective mitigation strategies.Manage Vulnerabilities: Track, analyze, and oversee vulnerabilities in applications, providing guidance and support for remediation efforts.Incident Response: Participate in incident response efforts as necessary, ensuring swift action is taken to mitigate security incidents.

About Lumafield: Founded in 2019, Lumafield is at the forefront of modernizing manufacturing processes. Our team of seasoned engineers, with expertise spanning the entire product development cycle, identified the challenges posed by the intricate and costly nature of contemporary manufacturing. In response, we are committed to transforming this landscape.Engineers make critical decisions daily, and they require tools that provide comprehensive insights into their products. Lumafield delivers unparalleled visibility into product development through AI-driven solutions that pinpoint issues and yield quantitative data. Our innovative approach promises to redefine the creation, manufacturing, and application of complex products across various sectors. We have pioneered the use of industrial CT scanning—a crucial yet underutilized tool that allows for rapid, non-destructive inspection of vital components.By reengineering the entire system—from X-ray capture and computer vision analysis to web-based collaboration—we're making cutting-edge manufacturing technology accessible across all industries. Our mission is to continuously enhance intelligence, autonomy, and speed, paving the way for operational excellence and profound insights. And then we'll take it to the next level.About the Role: In the role of Chief Information Security Officer (CISO), you will take charge of Lumafield's security operations, overseeing everything from cloud infrastructure and product security to safeguarding customer data and ensuring regulatory compliance. This is a unique opportunity to shape the security culture and framework of a rapidly growing company that handles some of the most sensitive intellectual property globally, including proprietary product designs and internal manufacturing processes.Your position will report directly to the CEO and involve close collaboration with Engineering, Product, Operations, and Sales teams to ensure that security measures facilitate rather than hinder business operations.

About the Role mercor is hiring a Security Engineer focused on Application Security in San Francisco or New York City. This role centers on protecting company applications from threats and vulnerabilities. The Security Engineer works closely with teams across the company to strengthen security practices and improve the overall security of our software. What You Will Do Work with engineers and other teams to apply security best practices throughout the development lifecycle Perform detailed security assessments of applications Identify and address new and existing security risks Help improve the security posture of mercor’s applications

Location: Remote (U.S. or Canada) Type: US Applicants – Full-Time; Canadian Applicants – Independent Contractor About Human Agency Human Agency is on an exciting trajectory of growth, actively seeking exceptional talent across various disciplines to meet the demands of our expanding pipeline of opportunities. Our mission is to recruit individuals ranging from creative producers to technical experts and entrepreneurial leaders, all of whom will play a crucial role in driving our next chapter of innovation and growth. We pride ourselves on being a company of doers. Our leaders are hands-on, our teams collaborate closely, and every member contributes to the delivery of our projects. Here, titles do not shield us from constructive feedback; we embrace critique, learn rapidly, and continually strive for excellence. The best ideas prevail, regardless of their origin, as our clients trust us to achieve the strongest outcomes consistently. We regard our clients’ missions, products, and bottom lines as paramount. By immersing ourselves in their worlds, we become dedicated stewards of their goals and partners in addressing significant challenges. Every product, strategy, or asset we develop is crafted to be not only aesthetically pleasing but also functional, practical, and designed for real-world impact. Our most valuable resource is our people, and our growth stems from hiring individuals who propel us forward. Across strategy, engineering, design, data, and operations, we seek teammates who elevate our standards and enhance our capabilities. We collaborate with organizations of all sizes to explore, design, and implement AI strategies that are secure, scalable, and centered around human needs. We believe that AI should enhance human potential rather than replace it, and we uphold this conviction in every engagement. Our services range from advisory and tooling to implementation and education, ensuring we meet clients where they are and aid them in integrating AI in alignment with their mission and values. Our objective is to empower teams to work smarter, move faster, and unlock new possibilities through thoughtful, responsible innovation. Ultimately, we lead with purpose, love, and a sense of adventure. We engage in meaningful work with individuals we value, making the journey rewarding and enjoyable. At Human Agency, our identity and our work philosophy are inseparable. The Opportunity This is not a conventional enterprise CISO position characterized by inheriting a legacy infrastructure and overseeing a large team while maintaining the status quo. Instead, this is a hands-on, entrepreneurial role where you will be at the forefront of AI security—designing systems yet to exist, tackling problems the industry is just beginning to recognize, and viewing security not merely as a cost center but as a strategic and commercial asset. We are actively deploying AI agents at scale across client environments, developing our own AI-powered tools, and advising organizations on the safe integration of autonomous systems into mission-critical operations.

Why Join Brex?Brex is an innovative AI-driven spend management platform designed to empower businesses to manage expenses with confidence. We provide integrated corporate cards, banking solutions, and global payment options, alongside intuitive software for travel and expense management. From startups to large enterprises, clients like DoorDash, Flexport, and Compass leverage Brex to optimize spending, lower costs, and enhance efficiency worldwide.Joining Brex means embracing challenges, pushing boundaries, and collaborating with industry leaders. We are dedicated to fostering a diverse and inclusive culture where your potential is only limited by your aspirations. We equip you with the necessary tools, resources, and support to advance your career.Engineering at BrexOur engineering culture focuses on building scalable systems with intention and speed. Our teams, spanning Software, Data, Security, and IT, work with high autonomy and deep collaboration. We confront challenging technical problems, take ownership of outcomes, and strive for excellence across all levels—from architecture to deployment. Here, engineering is regarded as a craft, and builders evolve into leaders.Your RoleAs a Senior Application Security Engineer, you will be pivotal in identifying and addressing security vulnerabilities within the Brex platform. Your responsibilities will include conducting code and design reviews, penetration testing, and managing vulnerabilities. You will also develop and maintain tools for static and dynamic testing of the platform, ensuring secure developer workflows. You will collaborate closely with teams across Security Operations, GRC, Product Security, Front End Platform, and IT Infrastructure.We seek individuals with a robust background in penetration testing and a proven track record of uncovering vulnerabilities in complex systems. Your ability to craft exploits that highlight business risk will be essential. This role demands a collaborative spirit, as you will engage with various engineering teams throughout Brex. Your enthusiasm for diverse perspectives and needs is crucial as we build world-class financial services with top-tier security.Brex is at the forefront of AI-driven financial services for dynamic companies such as Coinbase, Robinhood, and Anthropic. As we integrate AI across our product suite, this role will have the chance to significantly influence our approach.

About the Role mercor is hiring an Application Security Engineer in San Francisco. This role focuses on protecting our applications by applying proactive security practices and conducting detailed assessments. The work centers on finding vulnerabilities and putting strong security protocols in place to keep our products secure and dependable.

At NerdWallet, our mission is to empower individuals to make informed financial decisions. We foster an inclusive, flexible, and transparent culture where you are encouraged to grow, take calculated risks, and be your authentic self (cape optional). Whether you prefer working remotely or in-office, we are committed to supporting your optimal work style. We prioritize your well-being, professional growth, and your ability to create a meaningful impact because when one Nerd succeeds, we all succeed.We are on the lookout for a talented Security Engineer II to become a part of our Application Security team. This team plays a critical role in our mission by ensuring that the products and services we develop protect our users' data and trust.In this position, you will closely collaborate with engineering teams across the organization to mitigate security risks throughout the software development lifecycle. You will participate in initiatives aimed at enhancing NerdWallet's security posture by refining tools, workflows, and standards that enable engineers to create secure software while ensuring a positive developer experience.This role is perfect for someone who thrives on solving security challenges collaboratively, building scalable solutions, and assisting engineers in embedding security practices into their daily work. You will have the chance to deepen your application security knowledge while making significant contributions to our evolving security program.You will report to a Business Information Security Officer.If you were here 6 months ago, here are some things you might have worked on:Developed and launched a dashboard for on-call activities for the team.Assisted in triaging and responding to security findings and alerts generated by application security tools.Conducted a penetration test of an external system and participated in red team exercises.Worked alongside engineers to remediate vulnerabilities and enhance secure coding practices.Contributed to automation or tooling that enhances visibility into application security risks.Where you can make an impact:Help expand NerdWallet’s application security program through automation, tooling, and enabling developers.Collaborate with engineering and product teams to identify and address security gaps across various systems while balancing business priorities.Create tools, processes, and automation that facilitate secure software development.

Join Chime as a Senior Application Security Engineer and play a pivotal role in safeguarding our applications and systems from security threats. In this fully remote position, you will collaborate with cross-functional teams to implement security best practices, conduct code reviews, and ensure compliance with industry standards.Your expertise will help shape our security posture as you design and execute vulnerability assessments and penetration tests. If you are passionate about security and want to make a meaningful impact, we want to hear from you!

About SentryAt Sentry, we are dedicated to eradicating bad software. Our mission is to empower developers to create better software more efficiently, allowing everyone to enjoy technology once more.With over $217 million in funding and a community of more than 100,000 organizations, including industry leaders like Disney, Microsoft, and Atlassian, we are at the forefront of building performance and error monitoring tools that minimize bug fixing and maximize product development.We embrace a hybrid work model across our global teams, designating Mondays, Tuesdays, and Thursdays as in-office days to foster collaboration. If you are passionate about creating tools that enhance the digital experience, join us in developing the next generation of software monitoring solutions.About The RoleOur security team is committed to safeguarding every aspect of Sentry, from our customer data to our internal code. As a Senior Security Engineer, you will be integral to our mission of enhancing security across our application and Kubernetes platform. Collaborating with engineering teams, you will help strengthen Sentry’s cloud security posture through strategic architecture, threat modeling, and hands-on coding when necessary.Key ResponsibilitiesLead critical initiatives aimed at addressing significant security challenges, from conceptualization to execution.Collaborate on cross-departmental objectives to drive security goals forward.Conduct research and assess new technologies that can bolster our security framework with a focus on scalability.Identify vulnerabilities within our systems and data while developing and implementing robust protective measures.Support cross-functional teams in integrating security solutions that adhere to Secure-by-Design principles.Ideal Candidate AttributesDesire to be a foundational member of an agile, engineering-centric security team.Enjoy collaborating with enthusiastic security, application, platform, and infrastructure engineers eager to innovate.Passionate about advancing security practices to enhance software quality.

At Discord, we connect over 200 million users every month through our platform, primarily for one exhilarating reason: gaming. With more than 90% of our community engaged in gaming, they collectively spend an astounding 1.5 billion hours indulging in thousands of unique titles on Discord each month. Our commitment is to enhance the gaming experience, making it more enjoyable for everyone to communicate and socialize before, during, and after gameplay.Your RoleLead a talented team of security engineers to develop and implement robust application security tools and services, conduct secure design reviews, and perform threat modeling, while providing expert guidance on secure development practices at Discord.Ensure the security of our code and development processes from the Integrated Development Environment (IDE) through to production.Enhance the detection and remediation of security vulnerabilities at scale.Collaborate with various Discord teams to minimize security risks for our users while proactively identifying and addressing security bugs prior to production deployment.Partner with Discord’s product engineering and management teams to advocate for innovative security features that enhance user protection.

Figma is seeking an experienced Director of Information Technology to lead our technical strategies and initiatives. In this pivotal role, you will oversee our IT infrastructure, ensuring it meets the evolving needs of our organization. You will collaborate with cross-functional teams to enhance operational efficiency and drive innovation.Your leadership will be crucial in managing our IT support, security protocols, and project management, while also fostering a culture of continuous improvement within the IT department.

Join dstaff as a Web Application Security Engineer and become a key player in fortifying our digital infrastructure. In this role, you will be responsible for identifying and mitigating security vulnerabilities in our web applications, ensuring the integrity and confidentiality of our data.You will collaborate with cross-functional teams to integrate security practices into our development lifecycle and implement robust security measures. Your expertise will help us stay ahead of potential threats and safeguard our users' information.

Ironclad stands at the forefront of the AI contracting landscape, revolutionizing the way agreements are transformed into strategic assets. Our platform enables contracts to expedite through processes, instantly deliver insights, and empower agents to drive work forward—all while keeping you in control. Whether involved in buying or selling, Ironclad consolidates the entire contracting process into one intelligent platform, equipping leaders with the visibility they need to maintain a competitive edge. This is why some of the most innovative organizations, from Rivian to the World Health Organization and the Associated Press, have entrusted Ironclad to enhance their business operations.We are consistently acknowledged as an industry leader: recognized as a Leader in the Forrester Wave and the Gartner Magic Quadrant for Contract Lifecycle Management, awarded as a Great Place to Work by Fortune, and listed among Fast Company’s Most Innovative Workplaces. Ironclad has also secured a spot in Forbes’ AI 50 and Business Insider’s list of Companies to Bet Your Career On. Our efforts are supported by prominent investors such as Accel, Y Combinator, Sequoia, BOND, and Franklin Templeton. For further details, visit www.ironcladapp.com or connect with us on LinkedIn.This position is hybrid, requiring office attendance at least twice a week on Tuesdays and Thursdays for collaboration and connection. Additional in-office days may be necessary for team or company events.Ironclad is on the lookout for a talented Application Security Engineer who is committed to securing cutting-edge software platforms and safeguarding sensitive information. We seek a candidate with extensive experience in automated vulnerability scanning and penetration testing to fortify our application security initiatives. The ideal individual will possess a background in software development or testing, preferably in SaaS environments or regulated industries.The role encompasses conducting security assessments, identifying and addressing risks, and implementing security best practices and improvements throughout Ironclad’s Product, Platform, and Engineering teams.

WHO WE ARE Zeta Global (NYSE: ZETA) is a cutting-edge AI-Powered Marketing Cloud that utilizes advanced artificial intelligence and vast consumer insights to enhance the efficiency with which marketers acquire, nurture, and retain customers. Our mission, through the Zeta Marketing Platform (ZMP), is to simplify sophisticated marketing by integrating identity, intelligence, and omnichannel activation into a single, powerful platform—backed by one of the industry's largest proprietary databases and AI technology. We empower our enterprise clients across diverse sectors to create personalized consumer experiences, driving superior outcomes for their marketing strategies. Founded in 2007 by David A. Steinberg and John Sculley, Zeta Global is headquartered in New York City, with a global presence. Discover more at www.zetaglobal.com. About the Role We are seeking a highly experienced Staff Application Security Engineer to spearhead our application and platform security efforts. You will be tasked with embedding robust security measures throughout the development lifecycle—from threat modeling to deployment—ensuring that secure-by-design principles are consistently upheld. Operating at a significant scale, Zeta supports billions of consumer profiles and handles petabytes of data within our real-time, AI-driven marketing frameworks. In this pivotal role, you will safeguard our high-performance systems by promoting best practices, assessing emerging threats, and enabling cross-functional teams to develop secure and reliable applications. This high-impact position offers significant visibility across engineering, product, and executive leadership teams. Key Responsibilities Threat Modeling & Security Validation Lead threat modeling and security architecture reviews for distributed, event-driven systems. Integrate security code reviews, SAST/DAST, Software Composition Analysis (SCA), and container scanning into CI/CD and AI/ML pipelines. Coordinate and oversee incident simulations specific to AI systems; manage red/blue team exercises to validate our defensive posture. Conduct security evaluations of third-party vendors and tools to ensure compliance with our security standards.

Join Anchorage Digital as a key member of our Global Information & Security Team, where you will play a vital role in developing and scaling a pioneering security program. Your expertise will ensure the integrity of our data and the protection of our clients' digital assets while adhering to essential regulatory standards such as the Gramm–Leach–Bliley Act and guidelines from the Federal Financial Institutions Examination Council. You will be involved in comprehensive cybersecurity initiatives, conducting risk assessments, designing and implementing internal controls, and compiling insightful reports and metrics. As an authority in cybersecurity and IT risk management, you will lead projects independently and collaboratively across various departments. You will also assess risks to our Information Security Program, enhance controls to mitigate operational risks, and ensure the ongoing effectiveness of these controls. Your contributions will help shape the strategic direction of the Information Security Team and enrich the culture at Anchorage Digital.

Founded in 2007, Airbnb has transformed the way people travel, connecting over 5 million hosts with more than 2 billion guests worldwide. Our platform offers unique stays and experiences, allowing travelers to immerse themselves in local cultures and communities.The Community You Will Join:At Airbnb, we prioritize trust. The Information Security team is crucial in nurturing and fortifying the confidence our users place in our platform, which enables millions to discover the world and feel at home anywhere. This team operates as a vital cross-functional entity within Airbnb, ensuring the security of our expansive ecosystem.The Impact You'll Make:As the Senior Program Manager for Information Security, you will spearhead operational initiatives, strategic planning, and efficiency enhancements within our InfoSec organization. You will collaborate with senior leadership across InfoSec and the broader company to scale security operations in alignment with our growth trajectory.A Day in Your Role:Strategic Planning: Lead biannual planning cycles, focusing on goal setting, cross-departmental collaboration, resource allocation, and budget oversight. Innovate frameworks to prioritize and distribute workloads across teams.OKR Performance Measurement: Establish and monitor Objective Key Results (OKRs) to assess the impact of strategic projects and operational processes.Project Execution: Oversee the implementation of significant organizational projects, ensuring timely delivery and fulfillment of objectives.Operational Optimization: Refine workflows to enhance efficiency, productivity, and scalability within InfoSec. Implement automation, process enhancements, and self-service solutions while leading change management efforts.Communication: Craft comprehensive InfoSec communications for the entire company, including reports and updates tailored for engineering teams.Budget Management: Manage budgetary requirements and ensure alignment with organizational goals.

Join the City and County of San Francisco as a Journey Information Systems Engineer specializing in Applications. This is a fantastic opportunity to leverage your skills in innovative technology solutions while working citywide across multiple departments.As part of our team, you will contribute to the enhancement and maintenance of vital information systems that support various city operations, ensuring seamless access to data and services for residents and city staff alike.