Position Overview:

As a Product Security Engineer, you will work closely with our engineering and DevOps teams to ensure our cloud-native SaaS products are secure by design. You will be responsible for identifying, assessing, and mitigating security vulnerabilities in AWS and Terraform configurations, while implementing robust security controls across the product lifecycle.

Salary: 160-190k base + 10-15% bonus

Logistics: 100% Remote in the US

Work authorization: Must be a US Citizen or permanent resident

Key Responsibilities:

• Conduct security reviews of architecture, design, and code for our cloud-native SaaS products.
• Identify and remediate security vulnerabilities in AWS cloud environments and Terraform infrastructure as code (IaC) configurations.
• Collaborate with development teams to integrate security best practices throughout the software development lifecycle.
• Implement and manage automated security testing tools (e.g., SAST, DAST) and processes for continuous security validation.
• Conduct threat modeling and risk assessments for new and existing products.
• Develop and maintain security documentation, policies, and procedures.
• Stay up-to-date on the latest security trends, threats, and technologies to continuously improve our security posture.

Qualifications:

• 5-7 years of experience in Product Security, Application Security, or a related field.
• Strong hands-on experience with AWS security (IAM, VPC, EC2, S3, CloudTrail, etc.) and Terraform IaC configurations.
• Demonstrated ability to find and fix security vulnerabilities in cloud-native architectures.
• Familiarity with common security frameworks and best practices (OWASP, NIST, CIS Benchmarks).
• Experience working with DevOps and CI/CD pipelines to implement security automation.
• Strong understanding of encryption, authentication, and security protocols.
• Excellent problem-solving skills and the ability to work independently as well as in a team environment.
• Strong communication skills to articulate security issues to both technical and non-technical stakeholders.

Preferred Qualifications:

• Certifications such as CISSP, AWS Certified Security Specialty, or relevant cloud security certifications.
• Experience with container security (Docker, Kubernetes).

One of our SaaS Clients is targeting a Product Security Engineer. You will drive the security of our SaaS products by embedding security best practices throughout the software development lifecycle (SSDLC). You'll collaborate with engineering and product teams to ensure robust security measures while enabling smooth scaling and development. While a generalist background is useful, this role emphasizes securing software products and managing the entire security framework, with room for specialization as the team expands. Knowledge of the NIST Secure Software Development Framework (SSDF) is a plus.

Logistics: 100% remote within the US.

Compensation: $160-200k base salary with a RSU (private stock) package.

What You Will Do:

• Lead security integration in the software development lifecycle (SSDLC) to ensure secure-by-design products
• Implement and manage security controls across corporate and production environments
• Work closely with development teams to identify and remediate security vulnerabilities
• Manage vulnerability assessments, penetration testing, and bug bounty programs
• Oversee security incident response for product-related security events
• Continuously monitor and enhance the overall security posture of SaaS products
• Drive automation in security practices to scale processes efficiently
• Ensure compliance with security standards and regulations, including optional familiarity with NIST's SSDF framework

We are looking for you if you have/are:

• 5+ years experience as a security engineer
• Deep understanding of SSDLC and secure coding practices
• Hands-on experience with cloud platforms (AWS preferred) and Linux environments
• Proficiency in automation tools and scripting languages (Python, Bash)
• Knowledge of vulnerability management, threat modeling, and incident response
• Experience with NIST SSDF framework (optional but beneficial)
• A security-first mindset with a passion for protecting product environments

We are seeking a Lead Application Security Engineer to join our fin-tech client’s growing security team. You'll be pivotal in identifying and closing security vulnerabilities by working closely with our development teams. Your primary focus will be to oversee the entire process of establishing secure development standards, executing penetration tests to uncover weaknesses, and devising effective mitigation strategies.

Compensation: $170,000 - $220,000 base + 15% bonus

Logistics: 100% remote in the US

Work authorization: US Citizen, no sponsorship available

Here’s what you’ll be doing:

• Spearheading detailed Security Design Reviews, Code Reviews, and Threat Modeling at the product and feature levels.
• Leading manual security assessments and establishing robust secure coding standards.
• Undertaking penetration testing on web and mobile applications to root out potential vulnerabilities.
• Scrutinizing our software for potential threats that could be exploited via user interfaces.
• Evaluating, documenting, and reporting on discovered vulnerabilities, providing clear remediation strategies.
• Collaborating closely with Product and Engineering teams to devise and deploy risk-mitigating solutions.
• Formulating guidelines for the secure use of open-source software, ensuring adherence to security benchmarks.
• Engaging with a wide audience, from tech experts to business leaders, to discuss security assessments and recommendations.

And here’s what you need:

• A minimum of 7 years dedicated to application security, with a strong emphasis on secure coding, threat analysis, and pen testing.
• Mastery over security testing methodologies and tools, including but not limited to fuzz testing and Burp Suite.
• Proficiency in various programming languages like Java, React, Node.js, PHP, Scala, C, or Python to perform in-depth code reviews.
• Expertise in identifying and prioritizing security risks within modern application architectures including Front End, APIs, Microservices, and Containers.
• Outstanding communication skills to articulate complex security concepts to both tech and non-tech audiences.
• A thorough grasp of the evolving landscape of cyber threats and the strategies malicious actors employ.

We're looking for a Red Team/Penetration Consultant to join a growing firm. This position is 100% remote within the US with up to 10% travel. $150-180k with an annual bonus.

Key Responsibilities

• Design and execute adversary simulation exercises to test client defenses.
• Conduct penetration testing to identify vulnerabilities and exploit weaknesses in systems, applications, and infrastructure.
• Collaborate with clients to improve their ability to detect, respond to, and recover from cyber attacks.
• Participate in security assessments and incident response activities.
• Apply the latest attack techniques and methodologies in simulated environments.
• Develop or modify tools and scripts to support advanced testing scenarios.
• Provide insights and recommendations based on an attacker’s perspective.

Requirements

• Minimum of 3 years of experience in penetration testing, Red Teaming, or similar roles.
• Strong understanding of penetration testing methodologies and security tools.
• Ability to quickly learn and adapt to new technologies and techniques.
• Familiarity with common attack techniques, particularly against authentication systems like Active Directory.
• Scripting and tool development experience (e.g., Python, PowerShell, Bash).
• Experience developing or modifying custom exploits, tools, or shellcode.
• Background in application security or malware analysis is advantageous.
• Strong communication and presentation skills.
• Willingness to travel occasionally for client engagements.

No CTC or sponsorship at this time.

We are looking for a Senior Application Security Engineer to enhance the security of our applications throughout their development lifecycle. You will collaborate closely with development teams to integrate security best practices, conduct thorough threat assessments, and apply industry standards to identify and mitigate security vulnerabilities. This position must be hybrid (3 days/week) local to the suburbs of Washington DC. $170-215k with an annual bonus.

What you'll be doing:

• Lead the design and implementation of secure coding practices within development teams.
• Conduct threat modeling for new and existing applications to identify potential security risks.
• Perform security reviews and code analysis to identify and resolve vulnerabilities.
• Participate in code reviews and conduct secure code assessments for various programming languages.
• Collaborate with developers to provide guidance on security improvements and secure coding techniques.
• Implement and manage automated security testing tools and processes.
• Evaluate third-party libraries and dependencies for potential security risks.
• Stay current with emerging security threats, vulnerabilities, and technologies to enhance application security.
• Work with cross-functional teams to integrate security into the software development lifecycle (SDLC).

What we're looking for:

• Proven experience in Application Security Engineering or a related role.
• Strong understanding of application security best practices and threat modeling methodologies.
• Extensive development experience in one or more programming languages (e.g., Java, Python, C, C++).
• Hands-on experience with secure coding practices, including encryption and authentication mechanisms.
• Proficiency in conducting security assessments, such as code reviews and penetration testing.
• Familiarity with security tools such as static and dynamic analysis tools (e.g., SAST, DAST).
• Excellent communication skills, with the ability to explain technical issues to diverse audiences.
• Relevant security certifications (e.g., CEH) are a plus.

No CTC or sponsorship at this time.

We're seeking a Cloud Security Engineer who's strong in GCP (Google Cloud) for a SaaS security client. Though it's a multi-cloud environment, there's a heavy emphasis on GCP, Python, Kubernetes, and Terraform. You can work 100% remotely in the United States with this role on a full-time, direct-hire basis. $160-200k with an annual bonus and heavy RSU package.

What you'll be doing:

• Oversee and maintain the security posture of our Commercial and FedRAMP GCP environments.
• Secure and manage our Azure and AWS cloud environments.
• Strengthen the security of our SaaS tenants using our security platform.
• Provide input on the product roadmap and help shape new feature development.
• Collaborate with the Compliance team to enhance product compliance capabilities.
• Partner with the Security team on monitoring, detection, and incident response activities.

What's required of you:

• 3+ years of experience in Cloud Security Engineering or a related field.
• Extensive knowledge of GCP security and best practices for cloud security.
• Expertise in working with Terraform, Kubernetes, and Google Kubernetes Engine (GKE).
• Proficient in AWS and Azure security practices.
• Familiarity with multiple SaaS platforms like Salesforce, ServiceNow, Microsoft 365, GitHub, Workday, Box, Slack, Zoom, and others.
• Solid development experience using Python and Django.
• A strong passion for security and a proactive approach to problem-solving.
• Excellent remote communication and collaboration skills.
• Ability to independently research, learn, and achieve objectives.

We are seeking a Tier 3 SOC Analyst where you will be the escalation point for complex security incidents, leading incident response efforts for the MSSP. Working full remote on a non-rotating 2nd or 3rd shift, you will provide expert analysis and recommend remediation strategies for advanced threats.

Salary: 100-130k base + bonus

Logistics: 100% Remote in the US, 2nd and 3rd shift (non-rotating)

Key Responsibilities:

• Lead response to high-priority security incidents.
• Perform deep-dive analysis of complex threats, including malware and advanced attacks.
• Develop and implement playbooks and detection rules.
• Mentor Tier 1 and Tier 2 SOC analysts and provide guidance on escalated incidents.
• Work closely with clients on incident resolution and reporting.

Qualifications:

• 4+ years of SOC experience with a focus on incident response.
• Expertise in advanced threat hunting, malware analysis, and forensic techniques.
• In-depth knowledge of SIEMs, IDS/IPS, and endpoint security solutions.
• Strong communication and leadership skills, especially in high-pressure situations.

We are seeking a Tier 2 SOC Analyst where you will monitor, investigate, and respond to security incidents within the MSSP’s Security Operations Center. Working full remote on a non-rotating 2nd or 3rd shift, you will use advanced tools to detect and analyze threats, escalating complex incidents as needed.

Salary: 80-105k

Logistics: 100% Remote in the US, 2nd or 3rd Shift (Non-Rotating)

Key Responsibilities:

• Monitor and respond to security alerts and incidents.
• Analyze and investigate potential threats using SIEM and other tools.
• Escalate incidents requiring Tier 3 or specialized response.
• Assist in tuning detection mechanisms and improving alert accuracy.
• Generate reports on security events and remediation actions.

Qualifications:

• 2+ years of SOC experience in a Tier 1 or 2 role.
• Strong knowledge of SIEM platforms, firewalls, and endpoint security.
• Experience in incident response and threat analysis.
• Ability to work independently during 2nd or 3rd shift.

We are seeking a Senior Account Executive where you will lead MSSP sales efforts, driving revenue growth by building strong client relationships and developing tailored cybersecurity solutions. With 5-8 years of experience, you will manage the full sales cycle, from prospecting to closing deals, while working with internal teams to meet client needs. 

Salary: 140-160k base 

Logistics: 3 days per week onsite in NYC

Key Responsibilities:

• Identify and pursue new business opportunities within the cybersecurity market.
• Build and maintain strong relationships with clients and stakeholders.
• Collaborate with technical teams to develop custom MSSP solutions.
• Lead contract negotiations and close high-value deals.
• Meet and exceed sales targets.

Qualifications:

• 5-8 years of sales experience in cybersecurity or MSSP.
• Proven track record of meeting or exceeding sales quotas.
• Strong communication, negotiation, and relationship-building skills.
• Ability to work on-site 3 days a week in NYC.