• Lead and manage Kong Cybersecurity Programs across OCISO • Establish, develop and track KPIs • Collaborate with engineering, product, and business stakeholders to define, prioritize, and deliver technical solutions. • Present complex technical challenges and resolutions to leadership and stakeholders. • Stay current on regulatory and industry standards (for example, ISO 27001, PCI-DSS, FedRAMP, NIST 800-53) to inform risk and control strategies. • Build strategies for issue and risk mitigation, contingency planning, and compliance adherence. • Demonstrate ownership and autonomy in managing programs and delivering high-quality results.

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Lead Penetration Tester is an experienced offensive security professional who reports directly to the Director of Offensive Security. In this client-facing role, you will lead and execute penetration testing engagements for MSSP customers, serve as an escalation point for other penetration testers, and help ensure high-quality, defensible deliverables across the team. - Lead and execute penetration tests primarily across web applications, external APIs, and networks, performing manual testing, exploitation, and validation beyond automated scanning. - Serve as the primary escalation point for other penetration testers to unblock investigations, validate exploitation paths, and review findings for accuracy and consistency. - Conduct scoping calls with customers, confirm rules of engagement, and manage the pentest lifecycle. - Present findings to engineering teams and executive stakeholders, translating technical issues into remediation priorities. - Contribute to internal offensive security tooling, playbooks, templates, and scripts. Qualifications - Minimum 2 years of verifiable experience as a professional penetration tester in a full-time role. - Direct experience in pentesting web applications, external web APIs, and networks. - Experience in one or more of the following categories: - Mobile Applications - Cloud Infrastructures (AWS, Azure, GCP) - GenAI/ML - Desktop (Thick Client) Applications - Vishing/Phishing - Secure Code Reviews - Strong exploitation and validation skills with technical abilities above verifying scan results. - Ability to produce clear and precise penetration test reports with reproducible steps and screenshots of evidence to provide practical remediation guidance effectively with customers. - Ability to mentor and uplift other Offensive Security team members through technical guidance, review, and structured feedback. - Must be currently based in the United States. No sponsorship available for this position. Benefits - Supportive leadership and a clear growth path - 100% of employee medical premiums are covered by the employer and discounted family insurance options - Dental and Vision Benefits - PTO and Sick Time + 11 paid Holidays - 401K retirement option with company match - Company-paid Life Insurance - Annual Subscription to TalkSpace (online counseling & therapy service)

This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more. Role Description The Director of Information Technology is hands on to lead and scale our IT, security, cloud, and infrastructure capabilities as we continue to grow as a SaaS health technology company. This role is critical to ensuring the reliability, security, and compliance of our platforms while enabling productivity across the organization. - Own and operate corporate IT systems including endpoint management, identity and access management, collaboration tools, and internal applications. - Design, implement, and maintain scalable, secure, and reliable cloud infrastructure leveraging AWS, Entra, and or cloud native platforms. - Oversee networking architecture including VPNs, firewalls, segmentation, and connectivity between cloud and corporate environments. - Establish IT standards, policies, and procedures to support a growing, distributed workforce. - Foster a culture of Infrastructure as Code (IaC) using tools like Terraform and Ansible to eliminate manual bottlenecks. - Lead the company’s information security program, including policies, risk management, incident response, and security operations. - Ensure compliance with applicable regulatory and industry standards such as HIPAA, SOC 2, ISO 13485, and other customer or partner requirements. - Partner with Compliance and Engineering teams to support audits, risk assessments, and vendor security reviews. - Drive security awareness and training across the organization. - Lead DevOps strategy including CI/CD pipelines, infrastructure as code, monitoring, logging, and reliability practices. - Partner closely with Engineering to improve system availability, performance, scalability, and cost optimization. - Establish and track SLOs, SLAs, and operational metrics for production systems. - Own disaster recovery, business continuity, backup, and resiliency planning. - Build, mentor, and manage a high-performing team across IT operations, cloud engineering, and security. - Serve as a trusted partner to Engineering, Product, Finance, and Operations leaders. - Manage vendors and service providers, including MSPs, security tools, and cloud partners. - Support due diligence and integration activities related to customer security reviews, partnerships, or acquisitions. - Develop and execute an IT and infrastructure roadmap aligned with company growth and business objectives. - Own budgeting, forecasting, and cost management for IT, security, and cloud infrastructure. - Evaluate and implement tools and technologies that improve efficiency, security, and scalability. Qualifications - Bachelor’s degree in a relevant field such as Computer Science, Information Technology, Management Information Systems, Engineering, or a related technology discipline. - 8–12+ years of experience in IT, infrastructure, cloud engineering or DevOps, with at least 5 years in a leadership role. - Strong experience operating SaaS platforms in cloud environments preferably AWS. - Demonstrated ownership of security and compliance programs in regulated environments (healthcare strongly preferred). - Hands-on knowledge of: - Identity and access management (SSO, MFA, RBAC) - Cloud networking and security architecture - CI/CD pipelines and infrastructure as code (Terraform, CloudFormation, etc.) - Endpoint management and corporate IT tooling - Proven ability to scale systems and processes in a growing organization. Requirements - Experience in health tech, medical devices, or regulated SaaS environments. - Familiarity with HIPAA, SOC 2 Type II, ISO 13485, or similar frameworks. - Experience supporting remote-first or distributed teams. - Strong vendor management and audit support experience. Leadership Competencies - Security-first and risk-aware mindset. - Strong operational discipline and attention to detail. - Clear communicator who can translate technical concepts for non-technical stakeholders. - Pragmatic, hands-on leader who balances speed with reliability and compliance. - Collaborative partner with a customer- and employee-centric approach.

At Hugging Face, we're on a journey to democratize good AI. We are building the fastest growing platform for AI builders with over 11 million users who collectively shared over 2M models, 700k datasets & 600k apps. Our open-source libraries have more than 600k+ stars on Github. About the Role As a Public Policy Manager, you will work on strategy and engagement for AI policy issues in the U.S. and internationally. Your responsibilities include: - Leading engagement with the policy community, with the U.S. federal government in Washington D.C., U.S. state governments and other governments and governing bodies such as the UK and EU. - Explain technical AI security issues and connect to policy recommendations and actions. - Conduct policy analyses on AI, including open source, geopolitical implications for AI, and AI security. - Analyze trends in AI, such as model and AI artifact usage and effect on workforces. - Build strong networks with key decision-makers in government and relevant policy organizations. - Track and analyze relevant policy developments on AI, to inform research and analysis.  - Work closely with technical teams internally on policy documents and research artifacts. In this role, you will work with one of the most active Machine Learning communities to combine the perspectives of diverse stakeholders and promote better technology governance. You'll interact with Researchers, ML practitioners, ethicists, and data scientists on a daily basis through GitHub, our forums, or slack. About you We are seeking candidates who  - Demonstrate an expert understanding of AI related policy issues, such as geopolitics, security, and economic and labor impact.  - Have experience working closely with the U.S. federal government and understanding of policy processes. - Have a background in research and analysis, with published work in media outlets or other venues. If you're interested in joining us, but your experience is different from the traditional mold, we still encourage you to apply! We're building a diverse team whose skills, experiences, and background complement one another, and we value and encourage having multiple perspectives. We're happy to consider where you might be able to have the most impact. More about Hugging Face We are actively working to build a culture that values diversity, equity, and inclusivity.We are intentionally building a workplace where people feel respected and supported—regardless of who you are or where you come from. We believe this is foundational to building a great company and community. Hugging Face is an equal opportunity employer and we do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status. We value development.You will work with some of the smartest people in our industry. We are an organization that has a bias for impact and is always challenging ourselves to continuously grow. We provide all employees with reimbursement for relevant conferences, training, and education. We care about your well-being. We offer flexible working hours and remote options. We offer health, dental, and vision benefits for employees and their dependents. We also offer parental leave and flexible paid time off. We support our employees wherever they are. While we have office spaces in NYC and Paris, we’re very distributed and all remote employees have the opportunity to visit our offices. If needed, we’ll also outfit your workstation to ensure you succeed. We want our teammates to be shareholders. All employees have company equity as part of their compensation package. If we succeed in becoming a category-defining platform in machine learning and artificial intelligence, everyone enjoys the upside. We support the community. We believe major scientific advancements are the result of collaboration across the field. Join a community supporting the ML/AI community.