Create an Account
Create an account for powerful AI tools, award-winning courses, and access to our vibrant community.
or
Already have an account?
Create an account for powerful AI tools, award-winning courses, and access to our vibrant community.
Already have an account?
Join 250,000+ professionals and teams at Microsoft, Shopify, and even NASA. đ
Already have an account? Login
Find the best remote jobs. Answer a few questions and we'll deploy a powerful assistant to help you search, create alerts, and more.
1 What roles are you open to?
2 Experience level
3 Work style
Did you know? If memory is enabled, Writing.io can remember your job search preferences and help you to improve your resume, craft customized outreach and more.
Category
Designs and implements SOAR automation solutions for SOC operations, optimizing incident response workflows and security integrations in a managed security services environment.
About ProArch:
At ProArch, we partner with businesses around the world to turn big ideas into better outcomes through IT services that span cybersecurity, cloud, data, AI, and app development.
Weâre 400+ team members strong across 3 countries (we call ourselves ProArchians)âand hereâs what connects us all:
Whatâs it like to work here?
At ProArch, youâll be part of teams that design and deliver technology solutions solving real business challenges for our clients. With services spanning AI, Data, Application Development, Cybersecurity, Cloud & Infrastructure, and Industry Solutions, your work may involve building intelligent applications, securing businessâcritical systems, or supporting cloud migrations and infrastructure modernization.
Every role here contributes to shaping outcomes for global clients and driving meaningful impact. Youâll collaborate with experts across data, AI, engineering, cloud, cybersecurity, and infrastructureâsolving complex problems with creativity, precision, and purpose. Youâll join a culture rooted in technology, curiosity, and continuous learning. A place where we move fast, trust you to make an impact, encourage innovation, and support your growth.
Position Overview
ProArch IT Solutions is seeking a highly motivated and technically skilled Security / SOAR Automation Engineer to join our global cybersecurity operations team supporting a fast-paced Managed Security Services Provider (MSSP) environment. The ideal candidate will possess strong hands-on experience in cybersecurity automation, SOAR platform engineering, SOC workflow orchestration, and security integrations across modern security ecosystems.
This role is heavily focused on designing, implementing, optimizing, and scaling SOC automation capabilities to improve operational efficiency, incident response, alert enrichment, triage automation, threat intelligence utilization, and AI-driven security operations enhancements.
The Engineer will work closely with SOC Operations, Security Engineering, Security Consulting, and Leadership teams to deliver automation initiatives and operational improvements while supporting a globally distributed security environment.
This is a permanently remote opportunity for candidates based in India, aligned primarily to USA Eastern Time (ET) business hours, with flexibility depending on operational requirements.
Key Responsibilities:
SOAR Engineering & Automation
Design, develop, implement, and maintain SOAR playbooks and automation workflows for SOC operations.
Build scalable security orchestration workflows for:
Alert triage
Automated enrichment
Threat intelligence correlation
Incident response
Containment workflows
Identity-based investigations
Case management
Reporting automation
Reporting automation
Implement and maintain integrations between SOAR platforms and various security technologies using APIs, webhooks, SDKs, and custom connectors.
Develop automation logic to improve SOC efficiency, reduce analyst fatigue, and accelerate Mean Time to Respond (MTTR) and Mean Time to Resolve.
Support SOAR platform lifecycle management including upgrades, change management, testing, governance, RBAC, and operational maintenance.
Assist with SOAR platform administration, identity & access management, and environment hardening.
Security Platform Integrations
Hands-on experience integrating and automating workflows involving:
SOC Operations Enhancement
AI & Advanced Security Operations
Collaboration & Project Coordination
Experience
Technical Skills
Strong understanding of:
Preferred Qualifications
Soft Skills & Work Style
Work Schedule & Environment
What Success Looks Like in This Role
Life @ ProArch
Build and operate security scanning infrastructure (SAST, DAST, SCA) across CI/CD pipelines, tune detection rules, and enforce security gates in the software delivery process.
Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.
Barronâs has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.
About the Role
We are looking for an Application Security Engineer who lives at the intersection of security and engineering. This is not a policy role â you will be hands-on building, tuning, and scaling the security scanning infrastructure that protects our software delivery pipeline. You will own SAST, DAST, and SCA tooling end to end, drive false positive reduction, and embed security gates directly into CI/CD workflows across engineering teams. A deep understanding of how vulnerabilities actually work â not just what scanners report â is fundamental to success in this role.
The Problem Weâre Solving
We operate in a complex, regulated environment â multiple languages, layered network boundaries, and delivery velocity that cannot be sacrificed for security theater. We are building a scanning program that works in that reality. Tuned, automated, trusted â coverage that is measurable and findings that engineers actually act on. This role exists to solve that problem.
What Youâll Do
Own and operate static, dynamic, and software composition analysis scanning platforms across all engineering pipelines â onboarding new repositories, tuning rulesets, and maintaining coverage metrics
Build and maintain CI/CD security gates that enforce scan policies at pull request, merge, and release stages across engineering workflows
Write custom detection rules tailored to the organizationâs tech stack and threat model â covering vulnerability classes specific to the languages and frameworks in use
Triage and prioritize scan findings with a deep understanding of actual exploitability â distinguish true positives from noise, explain the real-world impact of each finding, and build suppression workflows that reduce false positive rates without creating blind spots
Develop automation to ticket, deduplicate, and route findings to the right engineering teams with enough context for developers to understand and act on them
Integrate dynamic scanning into pre-production environments with authenticated coverage â understanding what attack surface is actually reachable versus what scanners miss
Partner with engineering teams on remediation â provide exploit context, reproduce findings where necessary, and give concrete fix guidance grounded in how the vulnerability actually works
Support software composition analysis and dependency security programs â tying third-party vulnerabilities back to actual reachability and exploitability in the codebase rather than treating every CVE as equal severity
Contribute to the security champions program â help developers understand not just what is flagged but why it matters and how an attacker would use it
Run structured evaluations of new tooling and drive buy vs build decisions with documented PoC results
What Weâre Looking For
These areas are the capabilities we are looking for. Strong candidates will not check every box. If you are strong in either of the below, we want to hear from you. Depth in one area with curiosity about other matters more than surface-level familiarity across all of them.
5-7 years in application security, DevSecOps, or a security engineering role with tooling focus
Strong foundational knowledge of how web application vulnerabilities work at a technical level â injection classes, broken authentication patterns, insecure deserialization, XXE, SSRF, IDOR, race conditions, and business logic flaws â not just awareness of their names
Ability to read a scan finding and independently reason about whether it is exploitable in context â understanding data flow, trust boundaries, and what an attacker would actually need to trigger it
Hands-on experience deploying and tuning SAST platforms â writing or modifying rules, understanding AST-based and dataflow analysis, and knowing where static analysis fundamentally cannot reach
Experience integrating security tooling into CI/CD pipelines and enforcing policy at key delivery gates
Proficiency in at least one scripting language â Python or Go strongly preferred â for automation and tooling development
Experience with DAST tooling in authenticated scan configurations â understanding what authenticated coverage requires and how session handling, CSRF tokens, and multi-step flows affect scan fidelity
Familiarity with SCA concepts â dependency graphs, transitive vulnerabilities, license risk, reachability analysis, and SBOM formats including CycloneDX and SPDX
Ability to read and reason about code across multiple languages
Nice to Have
Development background â candidates who have written production code and personally addressed security vulnerabilities in a codebase bring a fundamentally different perspective to this role; they understand why developers make the choices they do, where fixes break things, and how to give remediation guidance that engineers will actually implement
Background that spans both sides of the SDLC â having sat in a developer role before moving into security means stronger partnerships with engineering teams and more credible guidance during code review and triage conversations
Experience writing custom detection logic for organization-specific vulnerability patterns beyond out-of-the-box scanner coverage
\* Depending upon the shifts.
** The benefits package is subject to change at the managementâs discretion.
Hands-on security engineer who validates bug bounty submissions, reproduces exploits, and partners with engineering teams to drive vulnerability remediation across web, API, and trading platforms.
Interactive Brokers Group, Inc. (Nasdaq: IBKR) is a global financial services company headquartered in Greenwich, CT, USA, with offices in over 15 countries. We have been at the forefront of financial innovation for over four decades, known for our cutting-edge technology and client commitment.
IBKR affiliates provide global electronic brokerage services around the clock on stocks, options, futures, currencies, bonds, and funds to clients in over 200 countries and territories. We serve individual investors and institutions, including financial advisors, hedge funds and introducing brokers. Our advanced technology, competitive pricing, and global market help our clients to make the most of their investments.
Barronâs has recognized Interactive Brokers as the #1 online broker for six consecutive years. Join our dynamic, multi-national team and be a part of a company that simplifies and enhances financial opportunities using state-of-the-art technology.
Security Engineer -Bug Bounty
About the Role
We are looking for a Security Engineer focused on Bug Bounty who treats researcher reports as security data, not support tickets. This is not a coordination role â you will be hands-on validating vulnerabilities, reproducing exploits, and working directly with engineering teams to drive fixes. You will own the full lifecycle of the program: scope design, triage, researcher relations, remediation tracking, and the upstream feedback that turns external findings into internal controls.
The other half of this role is developer partnership. Findings that sit in a backlog do not improve security. You will reduce the friction that keeps confirmed vulnerabilities from being fixed â translating researcher reports into clear remediation guidance, removing ambiguity that slows engineers down, and identifying the process or tooling gaps that let the same vulnerability class appear repeatedly.
A deep understanding of how vulnerabilities actually work â not just how to classify them â is fundamental to success here.
What Youâll Do
Own day-to-day operations of the bug bounty program on the managed platform, including report triage, severity assessment, researcher communication, and payout decisions â maintaining SLA compliance across all inbound volume
Reproduce and technically validate submitted vulnerabilities across web, API, mobile, and trading infrastructure attack surfaces â reason independently about exploitability in context, not just what the report claims
Classify findings using CVSS, OWASP, and business impact criteria; distinguish genuine risk from theoretical severity; escalate critical issues into incident response workflows with enough context for engineering leadership to act immediately
Act as a remediation partner, not just a reporter â work directly with developers to clarify findings, provide exploit context, reproduce issues where needed, and give fix guidance grounded in how the vulnerability actually works; track what slows remediation and fix it
Identify recurring vulnerability classes across inbound reports and feed patterns back into AppSec initiatives â SAST rule tuning, developer training, design review checklists â closing the loop from external discovery to internal prevention
Maintain program scope, out-of-scope guidance, and rules of engagement; adjust based on surface area changes, new products, and program maturity signals
Coordinate with legal, compliance, and communications on responsible disclosure edge cases, researcher disputes, and public disclosure timelines
Produce monthly and quarterly program metrics for security leadership â coverage, triage velocity, remediation cycle times, finding trends â with enough analytical depth to drive program decisions
Evaluate attack surface expansions â new APIs, products, acquisitions â for readiness to enter program scope
What Weâre Looking For
These are the capabilities that matter for this role. Strong candidates will not check every box. Depth in vulnerability validation and developer partnership matters more than broad platform familiarity. If you have operated on both sides of the researcher-developer relationship, we want to hear from you.
2â5 years in application security, penetration testing, bug bounty operations, or a security engineering role with hands-on validation focus
Strong foundational knowledge of how web application vulnerabilities work at a technical level â SSRF, IDOR, auth bypass, injection classes, business logic flaws, API authorization failures, OAuth misconfigurations â not just awareness of their names
Ability to read a researcher report and independently reason about exploitability in the specific context of the application â understand trust boundaries, data flow, and what an attacker would actually need to trigger the finding
Experience operating a bug bounty or vulnerability disclosure program on a managed platform â Bugcrowd, HackerOne, or equivalent â with ownership of triage decisions and researcher communication
Strong written communication under pressure â you will be writing triage decisions to elite researchers and remediation guidance to developers simultaneously; both audiences require clarity and credibility
Familiarity with REST and GraphQL API security, OAuth 2.0 flows, session management, and web application architecture at the level needed to validate findings without relying on the researcherâs reproduction steps alone
Ability to work cross-functionally with engineering teams â translate security findings into actionable, developer-friendly guidance that engineers will actually implement rather than defer
Nice to Have
Active bug bounty participation as a researcher â candidates who have filed reports themselves understand what makes a finding credible, what frustrates researchers about triage decisions, and how to run a program that retains high-signal contributors
Development background â candidates who have written production code and personally addressed security vulnerabilities bring a fundamentally different perspective to remediation partnership; they understand why developers make the choices they do, where fixes break things, and how to give guidance that engineers will actually act on
Experience in financial services or a similarly regulated environment â understanding the compliance overlay on remediation timelines and disclosure decisions changes how you prioritize and escalate
Scripting ability in Python or Bash â for triage automation, scope monitoring, duplicate detection, or metrics extraction from platform APIs
Familiarity with DAST tooling (Burp Suite Pro, Nuclei, ZAP) â candidates who can independently reproduce and extend researcher findings without relying solely on the submitted reproduction steps are significantly more effective in this role
\* Depending upon the shifts.
** The benefits package is subject to change at the managementâs discretion.
Leads ServiceNow security operations and risk management implementations, provides technical leadership and pre-sales consulting on cybersecurity solutions for enterprise clients.
Tech native for over 30 years, Devoteam guides businesses through sustainable digital transformation to deliver value.
With over 11,000 tech architects in more than 25 countries across Europe, the Middle East, and Africa, Devoteam is committed to using technology to serve people.
Devoteam has been a ServiceNow Elite Partner since 2019. In 2026, it was recognised as ServiceNow Partner of the Year for the fourth consecutive year.
Looking to take your IT security consulting career to the next level? Our ServiceNow Cyber & Risk team is seeking a Consultant with an innovative, can-do attitude and a passion for making a difference. Youâll be based in our Prague office and work with global companies from across Europe.
With us, youâll have the chance to do the job of your dreams - the one you didnât even know you wanted yet. Hereâs what you can expect:
Qualifications
You will be a great fit for this role if you haveâŠ
Want to be head of the pack? Weâd definitely welcomeâŠ
What will you get apart from the salary?
Moreover, we offer:
And last but not least, you can rely on:
Benefits:
Moreover, we offer:
And last but not least, you can rely on:
Implements and administers information security tools, manages security incidents, conducts analysis, and ensures compliance with regulatory requirements.
At NiCE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
At NICE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.
The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.
Learn more about the Benefits at NICE
Join an ever-growing, market-disrupting, global company where the teams â comprised of the best of the best â work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!
NICEâŻLtd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.
#LI-Hybrid
Requisition ID: 10994 Reporting into: Manager, Information Security, CX
Role Type: Individual Contributor
About NiCE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NiCE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Implements and administers security initiatives, manages security tools, responds to incidents, and ensures compliance with regulatory requirements.
At NiCE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
At NICE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.
The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.
Learn more about the Benefits at NICE
Join an ever-growing, market-disrupting, global company where the teams â comprised of the best of the best â work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!
NICEâŻLtd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.
#LI-Hybrid
Requisition ID: 10995 Reporting into: Manager, Information Security, CX
Role Type: Individual Contributor
About NiCE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NiCE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Ensures compliance with information security frameworks, conducts internal audits, and supports cybersecurity operations and incident response activities.
At NiCE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
At NICE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
So, whatâs the role all about?
The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response.
How will you make an impact?
Have you got what it takes?
Strong expertise in audit and compliance frameworks, including ISO 27001, ISO 27701, ISO 42001, GDPR, DORA, Cyber Essentials, and Cyber Essentials Plus.
Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.
Hands-on experience in internal and external audits, compliance assessments, and process improvement.
Basic understanding of incident response frameworks and cybersecurity best practices.
Exceptional analytical, organizational, and communication skills.
Commitment to continuous learning and professional development in audit, compliance, and security.
You will have an advantage if you also have:
A Masterâs degree in Cybersecurity, Risk Management, or related fields is a plus.
Certifications (preferred or required):
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor or Implementer
Cyber Essentials Assessor (or equivalent)
GIAC certifications (e.g., GIAC Certified Incident Handler - GCIH or GIAC Security Essentials - GSEC)
Whatâs in it for you?
Join an ever-growing, market disrupting, global company where the teams â comprised of the best of the best â work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!
Enjoy NICE-FLEX!
At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere.
About NICE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NICE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NICE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Requisition ID: 10993
Reporting into: Director Information
Role Type: Individual Contributor
About NiCE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NiCE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Implements and administers security initiatives, manages security tools like SIEM and endpoint protection, and responds to security incidents while ensuring compliance with regulatory requirements.
At NiCE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
At NICE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.
The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.
Learn more about the Benefits at NICE
Join an ever-growing, market-disrupting, global company where the teams â comprised of the best of the best â work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!
NICEâŻLtd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.
#LI-Hybrid
Requisition ID: 10994 Reporting into: Manager, Information Security, CX
Role Type: Individual Contributor
About NiCE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NiCE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Implements and administers security initiatives, manages security tools like SIEM and endpoint protection, responds to incidents, and ensures compliance with regulatory requirements.
At NiCE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
At NICE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
The Information Security Engineer will assist in implementing and administering initiatives implemented by InfoSec, including security initiatives mandated by regulatory and compliance requirements. This position will be responsible for ensuring that regular housekeeping activities are performed to maintain and monitor processes and systems.
The role ensures that both Corporate and Production services are managed according to company policies, processes, and compliance and regulatory requirements.
Learn more about the Benefits at NICE
Join an ever-growing, market-disrupting, global company where the teams â comprised of the best of the best â work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!
NICEâŻLtd. (NASDAQ: NICE) software products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences, fight financial crime, and ensure public safety. Every day, NICE software manages more than 120 million customer interactions and monitors 3+ billion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud, and digital, NICE is consistently recognized as the market leader, with over 8,500 employees across 30+ countries.
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation, or any other category protected by law.
#LI-Hybrid
Requisition ID: 10995 Reporting into: Manager, Information Security, CX
Role Type: Individual Contributor
About NiCE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NiCE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Conducts internal audits, manages compliance with security frameworks (ISO 27001, GDPR, DORA), and supports incident monitoring and response activities.
At NiCE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
At NICE, we donât limit our challenges. We challenge our limits. Always. Weâre ambitious. Weâre game changers. And we play to win. We set the highest standards and execute beyond them. And if youâre like us, we can offer you the ultimate career opportunity that will light a fire within you.
So, whatâs the role all about?
The Information Security Analyst is primarily responsible for ensuring compliance with information security frameworks such as Cyber Essentials, Cyber Essentials Plus, ISO 27001, ISO 27701, ISO 42001, GDPR, and DORA. This role focuses on internal audits, regulatory compliance, and readiness for external audits while also contributing to Cybersecurity Operations Center (CSOC) activities, including incident monitoring and response.
How will you make an impact?
Have you got what it takes?
Strong expertise in audit and compliance frameworks, including ISO 27001, ISO 27701, ISO 42001, GDPR, DORA, Cyber Essentials, and Cyber Essentials Plus.
Familiarity with CSOC tools such as Rapid7 InsightIDR or other SIEM solutions.
Hands-on experience in internal and external audits, compliance assessments, and process improvement.
Basic understanding of incident response frameworks and cybersecurity best practices.
Exceptional analytical, organizational, and communication skills.
Commitment to continuous learning and professional development in audit, compliance, and security.
You will have an advantage if you also have:
A Masterâs degree in Cybersecurity, Risk Management, or related fields is a plus.
Certifications (preferred or required):
Certified Information Systems Auditor (CISA)
Certified Information Security Manager (CISM)
Certified Information Systems Security Professional (CISSP)
ISO 27001 Lead Auditor or Implementer
Cyber Essentials Assessor (or equivalent)
GIAC certifications (e.g., GIAC Certified Incident Handler - GCIH or GIAC Security Essentials - GSEC)
Whatâs in it for you?
Join an ever-growing, market disrupting, global company where the teams â comprised of the best of the best â work in a fast-paced, collaborative, and creative environment! As the market leader, every day at NICE is a chance to learn and grow, and there are endless internal career opportunities across multiple roles, disciplines, domains, and locations. If you are passionate, innovative, and excited to constantly raise the bar, you may just be our next NICEr!
Enjoy NICE-FLEX!
At NICE, we work according to the NICE-FLEX hybrid model, which enables maximum flexibility: 2 days working from the office and 3 days of remote work, each week. Naturally, office days focus on face-to-face meetings, where teamwork and collaborative thinking generate innovation, new ideas, and a vibrant, interactive atmosphere.
About NICE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NICE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NICE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NICE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Requisition ID: 10993
Reporting into: Director Information
Role Type: Individual Contributor
About NiCE
NICEâŻLtd. (NASDAQ: NICE)âŻsoftware products are used by 25,000+ global businesses, including 85 of the Fortune 100 corporations, to deliver extraordinary customer experiences,âŻfight financial crimeâŻand ensure public safety.âŻEvery day, NiCE software managesâŻmore thanâŻ120 million customer interactions and monitorsâŻ3+âŻbillion financial transactions.
Known as an innovation powerhouse that excels in AI, cloud and digital, NiCE is consistently recognized as the market leader in its domains, with over 8,500 employees across 30+ countries.
NiCE is proud to be an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, national origin, age, sex, marital status, ancestry, neurotype, physical or mental disability, veteran status, gender identity, sexual orientation or any other category protected by law.
Designs and develops red team security labs and content, researching offensive security techniques and AI-driven attacks to train users on cyber resilience.
A platform you can believe in: Immersive One is the leading cyber resilience solution across the globe.
Build and scale a best in class platform alongside a team of the brightest minds in cybersecurity! At Immersive, weâre uniquely positioned to future-proof organizations against any cyber challenge. If that excites you, read on!
Immersive helps prove and improve your cyber resilience, by simulating real-world threats, testing your skills, and measuring performance. We put your readiness to the ultimate test. From sharpening technical capabilities to making high-pressure decisions, our platform allows you to assess every angle, pinpoint areas for growth, and prove your ability to tackle evolving threats with unwavering confidence.
https://www.immersivelabs.com/why-immersive-labs
Immersive was founded in 2017, from a cargo container in Bristol, UK weâve grown to over 300 employees globally, announced funding of more than ÂŁ150 million and been voted a Best place to work on multiple occasions!
https://www.immersivelabs.com/company/our-story
Cyber Security Engineer - Red Team
Immersive is hiring! Could you be our next Cyber Security Engineer?
Due to customer demand and increasing maturity within our platform we have an exciting and challenging opportunity for an experienced cyber professional within the offensive security sector - with expertise in conducting red team engagements - to join our Product team as Cyber Security Engineer - Red Team.
If successful you will join our Cyber team working closely with our Cyber Team Leads as we embark on this exciting new phase of product development within our market leading cyber resilience platform.
This isnât an ordinary red team role - we know everyone claims this and will tell you their role is super uniqueâŠbut this one really is.
You are constantly researching, learning, totally geeking out on all things offensive security related, from red teaming, to the latest AI driven attacks, and then taking that knowledge and creating labs and ranges.
You will be a key player in our Red Team Content team, shaping and influencing the roll out of our offensive security and AI pen test content roadmap, simulating attack paths and helping train our users to counter the latest threats.
You will be educating the world of offensive security professionals on how to make sure they are secure in what they do. Now that is a pretty cool legacy to leave behind.
Your mission (if you choose to accept it) is to evolve and disrupt within the Red Team space by creating emulated environments within our platform that will simulate both hacking and defending in an engaging and intuitive way for our community.
You will design, build and deliver practical and theory content to gamify offensive security and make it engaging and fun for the end user. Youâll shake up traditional training and teach complex concepts in an innovative way.
If you have an interest in and passion for cyber security, are experienced in the area of offensive security, and want to disrupt how employees build their resilience against the latest threats we will appreciate your input and give you the space to innovate within our market leading platform, Immersive One.
Your main responsibilities (weâre scaling fast, so these may change as we grow):
Utilising knowledge of pen test and red teaming engagements and techniques to plan, write and improve offensive security labs, challenges and online learning content on the Immersive One platform.
Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification
Test Red Team labs and ranges to ensure they function as expected
Research vulnerabilities, tools and offensive tactics and compile this research to deliver practical and theory labs to users
Compile technical research into understandable concise content for both technical and non-technical audience
Work with the wider Product team on new projects and product innovations and how best to deploy them
Sounds good? Weâd love to hear from you if you have proven experience in the following areas:
A number of years of experience working in offensive security as a penetration tester or as a Offensive Security Consultant
In-depth knowledge of the MITRE ATT&CK framework and how it is used to help enterprises deal with threats to their organisation.
Have a strong technical understanding of networking, computing and cyber security concepts
Have the ability to use examples and analogies to simplify complex subjects - your content will train real world users to identify and combat the latest threats so you need to be able to inhabit the mindset of your target audience to create realistic simulations
Familiarity with Linux, Docker and Python would be beneficial
Attitude and approach is just as important as technical skills for this role - you will be someone who enjoys tackling complex problems and finding the solution. Youâll be a natural problem solver and âtinkererâ who enjoys prototyping and iteration.
Immersiveâs growth has been fuelled by our values that underpin everything we do, hereâs how they relate to this role:
Driven - We push the boundaries of innovation, acting swiftly to achieve ambitious outcomes. Our drive embodies a culture of ambition, where challenges are stepping stones to excellence.
Inclusive - Our strength lies in diversity, fostering a culture where every individual contributes to our collective strength. We champion open dialogue and empathy, ensuring a collaborative, inclusive workplace.
Customer Centric - We seek to develop deep relationships with our customers to help them achieve their business outcomes. We exceed our customers and partnersâ expectations by crafting products, services and experiences that surprise, delight and ensure they feel valued and supported every day.
One Team - We are a talented global team working together to achieve our vision. Central to our ethos, resilience means adapting and thriving in adversity. It guides our innovation, ensuring we and our clients are prepared for the future.
We encourage people of all different backgrounds and identities to apply. We are committed to maintaining an inclusive, supportive place for you to be you and do your very best work. Excited by the above? Weâre ready to receive your application!
As well as an inclusive, supportive place for you to be you. We offer an extensive range of benefits so you can do your very best work:
Time off, flexible and remote working so you can work when is best for you, includes 25 days annual leave + 2 volunteering days and your birthday off
The longer you are with Immersive, the more holiday days you get, up to a maximum of 30 days after five years of service
Look after your family and yourself with enhanced parental leave, mindfulness groups, critical illness cover, 7% matched pension, private healthcare plan and more
Career and learning development through the platform, a dedicated professional development fund and our âLearn Anythingâ fund - which enables you to learn anything thatâs not work!
Recognition & Rewards for doing great work and living our values and behaviours
Informal or formal flexible working options, e.g. flexible start and finish times, reduced hours
We have a vibrant team culture with team events throughout the year. Our socials have included everything from pottery painting and paper mask making, to dungeons and dragons!
When you do visit the UK hub, getting there is easy: weâre based in the centre of Bristol, just a 10 minute walk from the train station. We also offer railcard loan and cycle scheme to buy a new bike
Find out more about life at Immersive Labs https://careers.immersivelabs.com
Cyber threats wait for no one and neither should you. Apply now!
If you would like to read more about what you can expect from our recruitment process, you can visit our dedicated interview process page.
Develops offensive security content and red team labs for a cyber resilience platform, researching attack vectors and creating training simulations.
A platform you can believe in: Immersive One is the leading cyber resilience solution across the globe.
Build and scale a best in class platform alongside a team of the brightest minds in cybersecurity! At Immersive, weâre uniquely positioned to future-proof organizations against any cyber challenge. If that excites you, read on!
Immersive helps prove and improve your cyber resilience, by simulating real-world threats, testing your skills, and measuring performance. We put your readiness to the ultimate test. From sharpening technical capabilities to making high-pressure decisions, our platform allows you to assess every angle, pinpoint areas for growth, and prove your ability to tackle evolving threats with unwavering confidence.
https://www.immersivelabs.com/why-immersive-labs
Immersive was founded in 2017, from a cargo container in Bristol, UK weâve grown to over 300 employees globally, announced funding of more than ÂŁ150 million and been voted a Best place to work on multiple occasions!
https://www.immersivelabs.com/company/our-story
Cyber Security Engineer - Red Team
Immersive is hiring! Could you be our next Cyber Security Engineer?
Due to customer demand and increasing maturity within our platform we have an exciting and challenging opportunity for an experienced cyber professional within the offensive security sector - with expertise in conducting red team engagements - to join our Product team as Cyber Security Engineer - Red Team.
If successful you will join our Cyber team working closely with our Cyber Team Leads as we embark on this exciting new phase of product development within our market leading cyber resilience platform.
This isnât an ordinary red team role - we know everyone claims this and will tell you their role is super uniqueâŠbut this one really is.
You are constantly researching, learning, totally geeking out on all things offensive security related, from red teaming, to the latest AI driven attacks, and then taking that knowledge and creating labs and ranges.
You will be a key player in our Red Team Content team, shaping and influencing the roll out of our offensive security and AI pen test content roadmap, simulating attack paths and helping train our users to counter the latest threats.
You will be educating the world of offensive security professionals on how to make sure they are secure in what they do. Now that is a pretty cool legacy to leave behind.
Your mission (if you choose to accept it) is to evolve and disrupt within the Red Team space by creating emulated environments within our platform that will simulate both hacking and defending in an engaging and intuitive way for our community.
You will design, build and deliver practical and theory content to gamify offensive security and make it engaging and fun for the end user. Youâll shake up traditional training and teach complex concepts in an innovative way.
If you have an interest in and passion for cyber security, are experienced in the area of offensive security, and want to disrupt how employees build their resilience against the latest threats we will appreciate your input and give you the space to innovate within our market leading platform, Immersive One.
Your main responsibilities (weâre scaling fast, so these may change as we grow):
Utilising knowledge of pen test and red teaming engagements and techniques to plan, write and improve offensive security labs, challenges and online learning content on the Immersive One platform.
Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification
Test Red Team labs and ranges to ensure they function as expected
Research vulnerabilities, tools and offensive tactics and compile this research to deliver practical and theory labs to users
Compile technical research into understandable concise content for both technical and non-technical audience
Work with the wider Product team on new projects and product innovations and how best to deploy them
Sounds good? Weâd love to hear from you if you have proven experience in the following areas:
A number of years of experience working in offensive security as a penetration tester or as a Offensive Security Consultant
In-depth knowledge of the MITRE ATT&CK framework and how it is used to help enterprises deal with threats to their organisation.
Have a strong technical understanding of networking, computing and cyber security concepts
Have the ability to use examples and analogies to simplify complex subjects - your content will train real world users to identify and combat the latest threats so you need to be able to inhabit the mindset of your target audience to create realistic simulations
Familiarity with Linux, Docker and Python would be beneficial
Attitude and approach is just as important as technical skills for this role - you will be someone who enjoys tackling complex problems and finding the solution. Youâll be a natural problem solver and âtinkererâ who enjoys prototyping and iteration.
Immersiveâs growth has been fuelled by our values that underpin everything we do, hereâs how they relate to this role:
Driven - We push the boundaries of innovation, acting swiftly to achieve ambitious outcomes. Our drive embodies a culture of ambition, where challenges are stepping stones to excellence.
Inclusive - Our strength lies in diversity, fostering a culture where every individual contributes to our collective strength. We champion open dialogue and empathy, ensuring a collaborative, inclusive workplace.
Customer Centric - We seek to develop deep relationships with our customers to help them achieve their business outcomes. We exceed our customers and partnersâ expectations by crafting products, services and experiences that surprise, delight and ensure they feel valued and supported every day.
One Team - We are a talented global team working together to achieve our vision. Central to our ethos, resilience means adapting and thriving in adversity. It guides our innovation, ensuring we and our clients are prepared for the future.
We encourage people of all different backgrounds and identities to apply. We are committed to maintaining an inclusive, supportive place for you to be you and do your very best work. Excited by the above? Weâre ready to receive your application!
As well as an inclusive, supportive place for you to be you. We offer an extensive range of benefits so you can do your very best work:
Time off, flexible and remote working so you can work when is best for you, includes 25 days annual leave + 2 volunteering days and your birthday off
The longer you are with Immersive, the more holiday days you get, up to a maximum of 30 days after five years of service
Look after your family and yourself with enhanced parental leave, mindfulness groups, critical illness cover, 7% matched pension, private healthcare plan and more
Career and learning development through the platform, a dedicated professional development fund and our âLearn Anythingâ fund - which enables you to learn anything thatâs not work!
Recognition & Rewards for doing great work and living our values and behaviours
Informal or formal flexible working options, e.g. flexible start and finish times, reduced hours
We have a vibrant team culture with team events throughout the year. Our socials have included everything from pottery painting and paper mask making, to dungeons and dragons!
When you do visit the UK hub, getting there is easy: weâre based in the centre of Bristol, just a 10 minute walk from the train station. We also offer railcard loan and cycle scheme to buy a new bike
Find out more about life at Immersive Labs https://careers.immersivelabs.com
Cyber threats wait for no one and neither should you. Apply now!
If you would like to read more about what you can expect from our recruitment process, you can visit our dedicated interview process page.
Designs and develops red team security labs and simulations, researching offensive security techniques to train users on threat detection and response.
A platform you can believe in: Immersive One is the leading cyber resilience solution across the globe.
Build and scale a best in class platform alongside a team of the brightest minds in cybersecurity! At Immersive, weâre uniquely positioned to future-proof organizations against any cyber challenge. If that excites you, read on!
Immersive helps prove and improve your cyber resilience, by simulating real-world threats, testing your skills, and measuring performance. We put your readiness to the ultimate test. From sharpening technical capabilities to making high-pressure decisions, our platform allows you to assess every angle, pinpoint areas for growth, and prove your ability to tackle evolving threats with unwavering confidence.
https://www.immersivelabs.com/why-immersive-labs
Immersive was founded in 2017, from a cargo container in Bristol, UK weâve grown to over 300 employees globally, announced funding of more than ÂŁ150 million and been voted a Best place to work on multiple occasions!
https://www.immersivelabs.com/company/our-story
Cyber Security Engineer - Red Team
Immersive is hiring! Could you be our next Cyber Security Engineer?
Due to customer demand and increasing maturity within our platform we have an exciting and challenging opportunity for an experienced cyber professional within the offensive security sector - with expertise in conducting red team engagements - to join our Product team as Cyber Security Engineer - Red Team.
If successful you will join our Cyber team working closely with our Cyber Team Leads as we embark on this exciting new phase of product development within our market leading cyber resilience platform.
This isnât an ordinary red team role - we know everyone claims this and will tell you their role is super uniqueâŠbut this one really is.
You are constantly researching, learning, totally geeking out on all things offensive security related, from red teaming, to the latest AI driven attacks, and then taking that knowledge and creating labs and ranges.
You will be a key player in our Red Team Content team, shaping and influencing the roll out of our offensive security and AI pen test content roadmap, simulating attack paths and helping train our users to counter the latest threats.
You will be educating the world of offensive security professionals on how to make sure they are secure in what they do. Now that is a pretty cool legacy to leave behind.
Your mission (if you choose to accept it) is to evolve and disrupt within the Red Team space by creating emulated environments within our platform that will simulate both hacking and defending in an engaging and intuitive way for our community.
You will design, build and deliver practical and theory content to gamify offensive security and make it engaging and fun for the end user. Youâll shake up traditional training and teach complex concepts in an innovative way.
If you have an interest in and passion for cyber security, are experienced in the area of offensive security, and want to disrupt how employees build their resilience against the latest threats we will appreciate your input and give you the space to innovate within our market leading platform, Immersive One.
Your main responsibilities (weâre scaling fast, so these may change as we grow):
Utilising knowledge of pen test and red teaming engagements and techniques to plan, write and improve offensive security labs, challenges and online learning content on the Immersive One platform.
Produce multi-format content utilising various teaching methods; practical exercises, questions & gamification
Test Red Team labs and ranges to ensure they function as expected
Research vulnerabilities, tools and offensive tactics and compile this research to deliver practical and theory labs to users
Compile technical research into understandable concise content for both technical and non-technical audience
Work with the wider Product team on new projects and product innovations and how best to deploy them
Sounds good? Weâd love to hear from you if you have proven experience in the following areas:
A number of years of experience working in offensive security as a penetration tester or as a Offensive Security Consultant
In-depth knowledge of the MITRE ATT&CK framework and how it is used to help enterprises deal with threats to their organisation.
Have a strong technical understanding of networking, computing and cyber security concepts
Have the ability to use examples and analogies to simplify complex subjects - your content will train real world users to identify and combat the latest threats so you need to be able to inhabit the mindset of your target audience to create realistic simulations
Familiarity with Linux, Docker and Python would be beneficial
Attitude and approach is just as important as technical skills for this role - you will be someone who enjoys tackling complex problems and finding the solution. Youâll be a natural problem solver and âtinkererâ who enjoys prototyping and iteration.
Immersiveâs growth has been fuelled by our values that underpin everything we do, hereâs how they relate to this role:
Driven - We push the boundaries of innovation, acting swiftly to achieve ambitious outcomes. Our drive embodies a culture of ambition, where challenges are stepping stones to excellence.
Inclusive - Our strength lies in diversity, fostering a culture where every individual contributes to our collective strength. We champion open dialogue and empathy, ensuring a collaborative, inclusive workplace.
Customer Centric - We seek to develop deep relationships with our customers to help them achieve their business outcomes. We exceed our customers and partnersâ expectations by crafting products, services and experiences that surprise, delight and ensure they feel valued and supported every day.
One Team - We are a talented global team working together to achieve our vision. Central to our ethos, resilience means adapting and thriving in adversity. It guides our innovation, ensuring we and our clients are prepared for the future.
We encourage people of all different backgrounds and identities to apply. We are committed to maintaining an inclusive, supportive place for you to be you and do your very best work. Excited by the above? Weâre ready to receive your application!
As well as an inclusive, supportive place for you to be you. We offer an extensive range of benefits so you can do your very best work:
Time off, flexible and remote working so you can work when is best for you, includes 25 days annual leave + 2 volunteering days and your birthday off
The longer you are with Immersive, the more holiday days you get, up to a maximum of 30 days after five years of service
Look after your family and yourself with enhanced parental leave, mindfulness groups, critical illness cover, 7% matched pension, private healthcare plan and more
Career and learning development through the platform, a dedicated professional development fund and our âLearn Anythingâ fund - which enables you to learn anything thatâs not work!
Recognition & Rewards for doing great work and living our values and behaviours
Informal or formal flexible working options, e.g. flexible start and finish times, reduced hours
We have a vibrant team culture with team events throughout the year. Our socials have included everything from pottery painting and paper mask making, to dungeons and dragons!
When you do visit the UK hub, getting there is easy: weâre based in the centre of Bristol, just a 10 minute walk from the train station. We also offer railcard loan and cycle scheme to buy a new bike
Find out more about life at Immersive Labs https://careers.immersivelabs.com
Cyber threats wait for no one and neither should you. Apply now!
If you would like to read more about what you can expect from our recruitment process, you can visit our dedicated interview process page.
Responds to security incidents and monitors systems as a SOC analyst, with fluency in Ukrainian language requirements.
Administers governance, risk, and compliance processes; coordinates security activities, handles compliance requests, and performs risk assessments with focus on GDPR and data protection.
We are seeking a Technical GRC Analyst to support the day-to-day operation of our governance, risk, compliance, and security assurance processes within a growing EdTech SaaS environment.
This role will focus on administering established policies and workflows, coordinating compliance and security activities, handling requests from across the business, and performing risk assessmentsâparticularly where personal data, information security, and GDPR considerations are involved.
You will play a key role in ensuring that our systems, processes, security tooling, and third-party relationships meet our security, compliance, and data protection standards.
Working closely with the IT & Information Security Manager and wider IT team, you will help maintain audit readiness, support operational security assurance activities, and coordinate remediation and evidence management across the organisation.
The role offers exposure across governance, operational security assurance, compliance, and risk management within a growing SaaS environment.
Key Responsibilities
Administer and operate IT risk, compliance, and security assurance processes aligned to internal policies and regulatory requirements (including GDPR)
Act as a central point of contact for compliance-related requests (e.g. Subject Access Requests (SARs), data sharing requests, access requests, exceptions, and supplier onboarding)
Perform risk assessments using defined criteria, with a focus on data protection and information security risks
Review requests against defined policies and controls, escalating where appropriate in line with internal governance processes
Support third-party / supplier risk assessments, including reviewing security and data protection documentation and tracking follow-up actions
Support periodic reviews of high-risk and business-critical suppliers, applications, and technology platforms to ensure appropriate security, compliance, and data protection controls remain in place
Support the implementation and ongoing operation of compliance and assurance tooling (Vanta), including evidence collection, test management, stakeholder coordination, remediation tracking, and control adoption activities.
Ensure appropriate documentation, audit trails, and evidence are maintained for assessments, compliance activities, and operational processes
Support internal and external audits (e.g. ISO 27001), including evidence gathering, action tracking, and coordination of remediation activities
Monitor compliance with policies and highlight potential risks, gaps, or control weaknesses for review
Support coordination and operational delivery of security improvement initiatives across IT and business teams.
Support incident management processes through documentation, tracking, and coordination of follow-up actions
Coordinate security awareness activities, including phishing simulation campaigns and training tracking
Assist with reviews of security tooling configurations and collection of supporting control evidence
Work closely with engineering, product, and business teams to ensure compliance and security processes are understood and followed
Contribute ideas and feedback to improve workflows and operational processes, particularly where they impact scalability, operational efficiency, or customer trust
Skills & Experience
Essential:
Experience in IT risk, compliance, or GRC roles within a SaaS or technology environment
Understanding of GDPR and handling of personal data (especially sensitive or child/student data)
Experience performing risk assessments using structured frameworks and defined processes
Ability to interpret policies and apply them to operational and real-world scenarios
Strong organisational, coordination, and documentation skills (audit trails, evidence, decision logs)
Experience working with cross-functional teams (e.g. engineering, product, operations)
Experience supporting operational security assurance activities, such as evidence collection, control validation, remediation tracking, or audit preparation
Desirable:
Familiarity with ISO 27001, Cyber Essentials, or similar frameworks
Experience supporting audits, evidence collection, or remediation tracking activities
Experience with vendor / third-party risk management
Exposure to data protection processes (e.g. SARs, DPIAs, data sharing assessments)
Exposure to data classification, data governance, or data loss prevention (DLP) processes
Experience with GRC, compliance, or assurance platforms (e.g. Vanta, Drata) and ticketing/workflow management tools
Exposure to Microsoft 365 security and compliance tooling (e.g. Entra ID, Intune, Secure Score, Defender)
Basic understanding of cloud/SaaS architecture and common security controls
Key Behaviours:
Pragmatic approach to risk, with the ability to balance compliance requirements with business needs
Comfortable assessing requests against defined policies and escalating concerns where appropriate
Confident communicating risks, issues, and follow-up actions to stakeholders
Detail-oriented, with a strong focus on documentation, evidence quality, and traceability
Organised and proactive, with the ability to manage multiple tasks and follow through on actions
Able to operate independently within established processes and governance frameworks
Collaborative approach to working with technical and non-technical teams
Bromcom is an equal opportunities employer.
Develops, tunes, and validates cybersecurity detections to improve threat visibility and MDR operations effectiveness.
Come join Deepwatchâs team of world-class cybersecurity professionals and the brightest minds in the industry. If youâre ready to challenge yourself with work that matters, then this is the place for you. Weâre redefining cybersecurity as one of the fastest growing companies in the U.S. â and we have a blast doing it!
Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatchâs cloud-based security operations platform, Deepwatch provides the industryâs fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.
Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.
Deepwatch recognition includes:
Deepwatch is seeking a Detection Engineer to join our Threat Detection & Research team and help strengthen detection capabilities across customer environments. Reporting to the Sr. Manager, Threat Detection & Research, this role is responsible for developing, tuning, validating, and optimizing cybersecurity detections that improve visibility into evolving threats and enhance the effectiveness of our MDR operations.
This role is ideal for a cybersecurity professional with strong analytical skills, hands-on SIEM experience, and a passion for threat detection engineering. You will work closely with Security Operations, Threat Research, Customer Success, and Engineering teams to improve alert fidelity, reduce false positives, and ensure high-quality detection coverage aligned to modern attacker behaviors and customer security priorities.
In this role, youâll get to:
Develop and document new Detection Capabilities for customer environments
Work with customers to develop a comprehensive strategy for effective detections
Evaluate current monitoring and detection capabilities to identify areas for improvement
Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
Ensure ingested log sources conform to CIM standards
To be successful in this role, youâll need:
Why Deepwatch?
What We Offer:
Deepwatch is excited to provide benefits designed to support team members and their families. Including:
We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please donât hesitate to apply â weâd love to hear from you. Please review our DEI Statement here.
Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact recruiting@deepwatch.com for further information.
All Deepwatch employees are expected to:
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. Â In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatchâs use of your personal information.
Develops, tunes, and validates cybersecurity detections to improve threat visibility and MDR operational effectiveness across customer environments.
Come join Deepwatchâs team of world-class cybersecurity professionals and the brightest minds in the industry. If youâre ready to challenge yourself with work that matters, then this is the place for you. Weâre redefining cybersecurity as one of the fastest growing companies in the U.S. â and we have a blast doing it!
Who We Are
Deepwatch is the leader in managed security services, protecting organizations from ever-increasing cyber threats 24/7/365. Powered by Deepwatchâs cloud-based security operations platform, Deepwatch provides the industryâs fastest, most comprehensive detection and automated response to cyber threats together with tailored guidance from dedicated experts to mitigate risk and measurably improve security posture. Hundreds of organizations, from Fortune 100 to mid-sized enterprises, trust Deepwatch to protect their business.
Our core values drive everything we do at Deepwatch, including our approach to tackling tough cyber challenges. We seek out tenacious individuals who are passionate about solving complex problems and protecting our customers. At Deepwatch, every decision, process, and hire is made with a focus on improving our cybersecurity solutions and delivering an exceptional experience for our customers. By embracing our values, we create a culture of excellence that is dedicated to empowering our team members to explore their potential, expand their skill sets, and achieve their career aspirations, which is supported by our unique annual professional development benefit.
Deepwatch recognition includes:
Deepwatch is seeking a Detection Engineer to join our Threat Detection & Research team and help strengthen detection capabilities across customer environments. Reporting to the Sr. Manager, Threat Detection & Research, this role is responsible for developing, tuning, validating, and optimizing cybersecurity detections that improve visibility into evolving threats and enhance the effectiveness of our MDR operations.
This role is ideal for a cybersecurity professional with strong analytical skills, hands-on SIEM experience, and a passion for threat detection engineering. You will work closely with Security Operations, Threat Research, Customer Success, and Engineering teams to improve alert fidelity, reduce false positives, and ensure high-quality detection coverage aligned to modern attacker behaviors and customer security priorities.
In this role, youâll get to:
Develop and document new Detection Capabilities for customer environments
Work with customers to develop a comprehensive strategy for effective detections
Evaluate current monitoring and detection capabilities to identify areas for improvement
Manage detection capabilities to ensure appropriate coverage, effective operation, and adherence to Deepwatch standards
Onboard assigned customers, establishing baseline detection coverage and detection enablement plan post onboarding
Ensure ingested log sources conform to CIM standards
To be successful in this role, youâll need:
Why Deepwatch?
What We Offer:
Deepwatch is excited to provide benefits designed to support team members and their families. Including:
We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please donât hesitate to apply â weâd love to hear from you. Please review our DEI Statement here.
Deepwatch welcomes and encourages applications from people with disabilities and accommodations are available on request for candidates taking part in all aspects of the selection process. Please inform your recruiter or contact recruiting@deepwatch.com for further information.
All Deepwatch employees are expected to:
Deepwatch is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, age, disability status, marital status, sexual orientation, gender identity, genetic information, protected veteran status, or any other characteristic protected by law. Â In compliance with federal law, all persons hired will be required to verify identity and eligibility to work in the United States and to complete the required employment eligibility verification document form upon hire.
By submitting your application, you agree that Deepwatch may collect your personal data for recruiting, global organization planning, and related purposes. The Deepwatch Privacy Policy explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over Deepwatchâs use of your personal information.
Design and develop software solutions for cloud infrastructure security, including DevSecOps automation, access controls, detection systems, and vulnerability management.
All roles at JumpCloudÂź are Remote unless otherwise specified in the Job Description.
JumpCloudÂź is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.
As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.
Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineeringâs Security needs (Product Security and Infrastructure Security).
Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).
Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.
Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.
Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.
4 years of software engineering experience with a strong interest or background in security engineering
Proficient in writing Golang or Python (more than simple scripts)
Experience with either AWS or GCP
Experience with Terraform
Experience with GitHub Actions
Excellent written and oral communication
Views security as an enabler, not an inhibitor to innovation
Results oriented and self driven
High level of integrity
Ownership and accountability
Clear communication
Creative problem solver
Passionate about security
You must be available for on-call (after hours) duties for any internal tools/services this team owns
Serve as a responder in the on-call rotation for security incidents and alert triage.
Where youâll be working/Location:
JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.
You must be located in and authorized to work in the country noted in the job description to be considered for this role.
Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts donât go unaddressed.
Language:
JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description.
Why JumpCloud?
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! Youâll work with amazing talent across each department who are passionate about our mission. Weâre out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. Youâll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
One of JumpCloudâs three core values is to âBuild Connections.â To us that means creating â human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.â - Rajat Bhargava, CEO
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Scam Notice:
Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.
All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line âScam Noticeâ
#LI-Remote #BI-Remote
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.
Design and develop security infrastructure, automation, and cloud access controls while managing SIEM configurations, vulnerability systems, and security tooling across cloud platforms.
All roles at JumpCloudÂź are Remote unless otherwise specified in the Job Description.
JumpCloudÂź is the AI-powered unified IT management platform designed to secure the modern workforce. By consolidating identity, device, and access management, JumpCloud provides intelligent, secure IT that scales from human users to autonomous AI agents. We help organizations around the globe eliminate complexity and turn AI risk into an optimized advantage, ensuring the right people and agents have secure access to the right resources at all times.
As a Security Engineer on the DevSecOps Team, you will be responsible for designing and developing software solutions for protecting data and infrastructure deployed into the cloud. The Security organization is composed of SecOps, GRC, and DevSecOps functions, but all functions work closely together so you will be exposed to many different security areas.
Infrastructure & Automation: Build and maintain infrastructure, including custom software and vendor integrations, to support Engineeringâs Security needs (Product Security and Infrastructure Security).
Cloud Access Engineering: Design and implement secure, automated self-service workflows for cloud infrastructure access and privilege escalation (AWS/GCP).
Detection & Logging: Manage security infrastructure and SIEM configurations via Infrastructure as Code (Terraform) to ensure a highly auditable detection environment. Build and manage high-volume security data pipelines to ensure forensic logs are retained efficiently and cost-effectively.
Vulnerability & Posture Management: Help design, overhaul, and improve custom vulnerability aggregation systems to streamline remediation efforts. Manage and tune Cloud Security Posture Management (CSPM) and container security platforms to ensure optimal coverage and reduce alert fatigue.
Software Supply Chain & AppSec: Integrate and manage Software Supply Chain Security tooling to protect our developer ecosystem. Partner with Engineering to scale our threat modeling program, including developing automated and AI-assisted threat modeling pipelines built directly into the developer workflow.
4 years of software engineering experience with a strong interest or background in security engineering
Proficient in writing Golang or Python (more than simple scripts)
Experience with either AWS or GCP
Experience with Terraform
Experience with GitHub Actions
Excellent written and oral communication
Views security as an enabler, not an inhibitor to innovation
Results oriented and self driven
High level of integrity
Ownership and accountability
Clear communication
Creative problem solver
Passionate about security
You must be available for on-call (after hours) duties for any internal tools/services this team owns
Serve as a responder in the on-call rotation for security incidents and alert triage.
Where youâll be working/Location:
JumpCloud is committed to being Remote First, meaning that you are able to work remotely within the country noted in the Job Description.
You must be located in and authorized to work in the country noted in the job description to be considered for this role.
Please note: There is an expectation that our engineers participate in on-call shifts. You will be expected commit to being ready and able to respond during your assigned shift, so that alerts donât go unaddressed.
Language:
JumpCloud has teams in 15+ countries around the world and conducts our internal business in English. The interview and any additional screening process will take place primarily in English. To be considered for a role at JumpCloud, you will be required to speak and write in English fluently. Any additional language requirements will be included in the details of the job description.
Why JumpCloud?
If you thrive working in a fast, SaaS-based environment and you are passionate about solving challenging technical problems, we look forward to hearing from you! JumpCloud is an incredible place to share and grow your expertise! Youâll work with amazing talent across each department who are passionate about our mission. Weâre out of the box thinkers, so your unique ideas and approaches for conceiving a product and/or feature will be welcome. Youâll have a voice in the organization as you work with a seasoned executive team, a supportive board and in a proven market that our customers are excited about.
One of JumpCloudâs three core values is to âBuild Connections.â To us that means creating â human connection with each other regardless of our backgrounds, orientations, geographies, religions, languages, gender, race, etc. We care deeply about the people that we work with and want to see everyone succeed.â - Rajat Bhargava, CEO
Please submit your résumé and brief explanation about yourself and why you would be a good fit for JumpCloud. Please note JumpCloud is not accepting third party resumes at this time.
JumpCloud is an equal opportunity employer. All applicants will be considered for employment without attention to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.
Scam Notice:
Please be aware that there are individuals and organizations that may attempt to scam job seekers by offering fraudulent employment opportunities in the name of JumpCloud. These scams may involve fake job postings, unsolicited emails, or messages claiming to be from our recruiters or hiring managers. Please note that JumpCloud will never ask for any personal account information, such as credit card details or bank account numbers, during the recruitment process. Additionally, JumpCloud will never send you a check for any equipment prior to employment.
All communication related to interviews and offers from our recruiters and hiring managers will come from official company email addresses (@jumpcloud.com) and will never ask for any payment, fee to be paid or purchases to be made by the job seeker. If you are contacted by anyone claiming to represent JumpCloud and you are unsure of their authenticity, please do not provide any personal/financial information and contact us immediately at [email protected] with the subject line âScam Noticeâ
#LI-Remote #BI-Remote
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, transcribing or summarizing interviews, and assessing responses. These tools assist our recruitment team but do not replace human judgment in hiring decisions, which are ultimately made by humans. Please see our Privacy Policy (https://jumpcloud.com/privacy) for more information about our personal data practices.
Leads threat modeling, manages cloud security findings, and partners with engineering teams to secure platform infrastructure while exploring AI-driven security automation.
LaunchDarklyâs Product Security team is hiring a Product Security Engineer II to strengthen how we secure the platform engineers build with every day. Youâll bring depth in security fundamentals and program design as a member of a small, high-leverage team with strong engineering instincts.
LaunchDarkly is critical infrastructure. Our security team keeps it safe for the global systems that depend on us. Youâll spend most of your time on threat modeling and cloud security posture, with rotating exposure to the rest of the ProdSec surface area. Your work will help developers move fast without sacrificing security, through automation, guidance, and the kind of partnership that makes the secure path the easy one.
Youâll report to the Director of Security and work closely with software engineers, product managers, and other security engineers. We expect you to bring a sharp point of view on where AI can take work off the teamâs plate and make our coverage deeper.
Lead threat modeling engagements on the features and services where the risk warrants it.
Partner with the ProdSec lead to evolve the practice from on-request to repeatable, with clear criteria for when an engagement is worth running.
Own day-to-day triage of CNAPP findings end to end. Investigate, prioritize, route to service owners, and close the loop. Look for patterns that point to systemic fixes instead of one-off cleanup.
Contribute to SDLC tooling, SAST/SCA workflows, and bug bounty triage as the teamâs work demands.
Partner with product engineering teams as a trusted reviewer. Catch issues early, explain the why, propose paths forward. Say no when needed, with reasons and alternatives.
Bring AI to the work. Use it to accelerate triage, summarize findings, draft threat models, scan code, and reduce toil. Help the team build durable patterns for safe and effective use, not one-off prompts.
Push the security floor up over time through documentation, office hours, small tooling improvements, and the kind of compounding work that prevents incidents rather than responds to them.
Youâre proactive by default. Youâd rather spot drift early and fix the cause than chase symptoms after an incident.
You believe security is a craft of habits and systems. Small consistent improvements beat heroic one-offs.
You invest in relationships with the engineering, product, and leadership teams you work with.
You know security work moves at the speed of trust.
Youâre a good partner. Youâre helpful and direct, you say no with reasons and alternatives, and you donât mistake gatekeeping for rigor.
Youâre security-first by background but engineering-curious by nature. You want to understand how the systems work, not just whatâs wrong with them.
You treat AI as part of the toolkit. Youâre skeptical where you should be, aggressive where it pays off, and you want to work somewhere thatâs serious about both.
2 to 4 years of full-time experience in a security-focused role. AppSec, ProdSec, or cloud security preferred.
Comfortable reading and critiquing pull requests in a modern stack. You donât need to ship production services, but you should follow the code, ask sharp questions, and write small tools when it helps.
Experience participating in or leading threat modeling exercises. Familiar with at least one structured approach (STRIDE, attack trees, or equivalent).
Working knowledge of cloud security posture. Exposure to a CNAPP is a strong plus.
Strong fundamentals: OWASP Top 10, authentication and authorization patterns, secrets management, common cloud misconfigurations.
Hands-on experience applying AI tooling to security or engineering work. You can point to specific examples where it changed how you operated.
Nice to Haves:
Experience with developer tools, SaaS platforms, or feature management
Bug bounty triage experience (HackerOne, Bugcrowd)
Familiarity with Go, Python, or TypeScript
Contributions to internal security tooling or open-source security projects
Pay:
Target pay ranges based on Geographic Zones* for Level 2:
LaunchDarkly operates from a place of high trust and transparency; we are happy to state the pay range for our open roles to best align with your needs. Exact compensation may vary based on skills, experience, and location.
*Within the United States, our geographic pay zones are defined by counties surrounding major metropolitan areas.
**Restricted Stock Units (RSUs), health, vision, and dental insurance, and mental health benefits in addition to salary.
Modern software delivery was supposed to be the foundation for a thriving digital business but reality has proven otherwise. Slow, inefficient development cycles, costly outages, and fragmented customer experiences are preventing developers from building their best software. The LaunchDarkly platform helps developers innovate on new features faster while protecting them with a safety valve to instantly rewind when things go wrong. Developers can target product experiences to any customer segment and maximize the business impact of every feature. And by gradually rolling out new application components, they escape nightmare âbig-bangâ technology migrations.
The LaunchDarkly platform was built to guide engineers to the next frontier of DevOps by:
At LaunchDarkly, we believe in the power of teams. Weâre building a team that is humble, open, collaborative, respectful and kind. We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, gender identity, sexual orientation, age, marital status, veteran status, or disability status. LD invites any applicant to review our written Affirmative Action Plan. To do so, contact People Ops at hr@launchdarkly.com.
Do you need a disability accommodation?
Fill out this accommodations request form and someone from our People Operations team will contact you for assistance.
Your safety matters to us. To protect yourself from potential scams, LaunchDarkly recruiters will only contact you from @LaunchDarkly.com email addresses or via LinkedIn from âVerified Recruiterâ accounts.Be cautious of emails from other domains. Legitimate LaunchDarkly recruiters will never ask for money, fees, or banking information before making a job offer. LaunchDarkly will never make a job offer without conducting a formal interview process. Our interview process does not involve asking detailed questions by email. If you are ever unsure about a communication that you receive, donât click any linksâvisit Careers | LaunchDarkly directly for confirmed job openings and links to apply.
Please notify us of any fraudulent representation by sending an email to careers@launchdarkly.com.
