At BioRender, we’re on a mission to accelerate the world’s ability to learn, discover, and communicate science — transforming how knowledge is shared and making science open, collaborative, and easily understandable by all. We’re shaping the future of science communication and are looking for talented individuals to help bring this vision to life! 🚀 We're hiring a Director of Security to lead our Security team at BioRender. As we integrate AI deeply into both our software development process and products, we need a security leader who understands both traditional information security and the emerging AI threat landscape. This role is equal parts builder and strategist. You’ll set the security vision and governance model for a company shipping AI-powered features to enterprise customers who handle sensitive research data. Our ideal fit - Experienced security leader, focused on user experience and thoughtful in building an impactful and efficient security culture - Strategic builder who thinks long-term but will get in the weeds when needed - Business-focused and empathetic, someone who earns trust across engineering, product, go-to-market teams, and customers by being a partner, not a bottleneck - Passionate about the intersection of security and scientific research and understands why enterprise customers in pharma, biotech, and academia have heightened data sensitivity What you'll be doing - Partner with engineering to evolve our approach for secure software development using AI coding tools and the security of our customer-facing products - Maintain and advance our security and compliance posture; evaluate other certifications as a competitive differentiator for enterprise deals - Scale our security function through automation as much as possible - Lead our security operations function: auditing, internal documentation, incident response, and company-wide security awareness - Own BioRender’s security narrative for enterprise customers, including our Trust Center, security documentation, and customer-facing security reviews - Instill a culture of security across the company, and integrate security and data privacy into processes and decision making What you bring to the table - 7+ years in security leadership, including experience building or significantly scaling a security program at a fast-growing SaaS company - Deep experience with SOC 2, ISO 27001, and similar compliance certifications - Demonstrated understanding of appsec, AI product, and AI software development security risks and how to mitigate them - A preference for automation over manual scaling - Strong track record partnering with product and engineering teams in a governance / oversight model, setting policy and guardrails while engineering executes - Experience with enterprise security requirements in regulated or research-intensive industries - Excellent at rolling out organizational change and getting buy-in across technical and non-technical teams Why join us? - We are mission-driven: we work collaboratively towards our shared vision of improving scientific communication and accelerating scientific discovery. BioRender figures have appeared in more than 54,000 publications! - BioRender is loved by millions! We have a world-class NPS and a community of loyal fans and users in 200+ countries! - Our company is backed by top investors and accelerators like Y Combinator, and we are on a growth trajectory comparable to many top-performing SaaS companies - We’re remote-first with team members across Canada and the U.S., offering you the flexibility to work from anywhere. BioRender is an Equal Opportunity Employer. We celebrate diversity and are committed to creating an inclusive environment for all employees. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

Who we are About Stripe Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career. About the team The Proactive Threat team identifies, detects, and responds to threats before they impact Stripe's business or users. The Detection Engineering & Threat Hunting function sits at the intersection of offense and defense — we leverage deep knowledge of attacker tradecraft to build high-fidelity detections, hunt for sophisticated threats, and validate defensive capabilities across Stripe's critical systems. We are builders first. Our team develops detection-as-code, automates analysis workflows, and builds tooling that scales detection and response across a complex, global environment. We partner closely with Threat Intelligence, Incident Response, and offensive security teams to ensure our detections are grounded in real-world adversary behavior. The team is distributed across the United States (Eastern and Pacific time zones) and collaborates regularly with stakeholders across Stripe — including teams in Europe and Asia. What you'll do You will design, build, and maintain detections that identify malicious activity across Stripe's infrastructure, applications, and cloud environments. You'll leverage your understanding of attacker TTPs — from initial access through exfiltration — to develop detection logic that catches real threats while minimizing noise. Beyond writing detections, you'll conduct threat hunts, perform malware analysis, and build automation that enables detection engineering at scale. Responsibilities - Design, build, and tune high-fidelity detections across modern SIEM platforms, covering adversary TTPs across the full attack lifecycle - Develop detection hypotheses by researching TTPs, identifying evidence sources, and determining detection opportunities across available telemetry - Conduct hypothesis-driven threat hunts to identify malicious activity, uncover detection gaps, and validate security controls - Perform malware analysis and reverse engineering to extract indicators and inform detection strategies - Build network-based detections (flow, pcap, protocol analysis) and endpoint-based detections (event logs, EDR telemetry, memory/file artifacts) across Windows, Linux, and macOS - Partner with Threat Intelligence to operationalize intel reports into detections, hunting leads, and enrichment logic - Collaborate with IR, SOC, and offensive security teams to validate and refine detections based on real-world incidents and red team exercises - Build data pipelines, automation, and tooling that enable detection-as-code practices and scalable deployment - Map detection coverage to MITRE ATT&CK, identifying and prioritizing gaps across key attack surfaces - Lead projects, mentor teammates, and champion quality standards within the team Who you are We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. Minimum requirements - 5+ years of experience in detection engineering, threat hunting, or security operations - Demonstrated experience writing detection logic in modern SIEM platforms (e.g., Splunk, Chronicle, Elastic, CrowdStrike NG-SIEM, Panther, Microsoft Sentinel) - Strong understanding of adversary tradecraft across the attack lifecycle: initial access, privilege escalation, lateral movement, defense evasion, persistence, and exfiltration - Ability to extract TTPs from threat intelligence reports and translate them into detection opportunities - Experience developing network-based and endpoint-based detections across multiple OS platforms (Windows, Linux, macOS) - Experience analyzing telemetry across endpoint, network, cloud (AWS/GCP/Azure), identity, and application log sources - Proficiency in detection/query languages (SPL, KQL, EQL, YARA-L, SQL) and programming (Python or similar) - Strong communication skills with the ability to document detection logic and explain findings to technical and non-technical audiences - Adversarial mindset — understanding how attackers operate to build detections that catch real-world threats Preferred qualifications - Experience in detection engineering or threat hunting within fintech, financial services, or highly regulated environments - Background in malware analysis, reverse engineering, or threat research - Experience with purple team operations — collaborating with offensive security to validate detections - Familiarity with big data platforms (Databricks, Trino, PySpark) for large-scale log analysis - Proficiency with AI/LLM-assisted development tools (Claude Code, Cursor, GitHub Copilot) applied to detection workflows - Interest in agentic automation — using LLMs to augment hunting, tuning, or triage - Experience with detection validation tools (Atomic Red Team, ATT&CK Evaluations) - Contributions to open-source detection content, research, or conference presentations - Relevant certifications such as HTB CDSA, GCIH, GCFA, GNFA, OSCP, TCM PMAT, or GREM

Who we are About Stripe Stripe is a financial infrastructure platform for businesses. Millions of companies—from the world's largest enterprises to the most ambitious startups—use Stripe to accept payments, grow their revenue, and accelerate new business opportunities. Our mission is to increase the GDP of the internet, and we have a staggering amount of work ahead. That means you have an unprecedented opportunity to put the global economy within everyone's reach while doing the most important work of your career. About the team The Proactive Threat team is responsible for identifying vulnerabilities and security weaknesses across Stripe's systems, applications, networks, and cloud infrastructure — before adversaries do. We operate as a hybrid offensive function: conducting penetration testing, emulating real-world threat actors through red team operations, and partnering closely with our defensive security teams to validate detection capabilities and improve Stripe's overall security posture. We are builders first. Our team develops custom tooling, automation frameworks, and internal platforms that scale our offensive capabilities and enable repeatable, high-fidelity assessments. We believe the best offensive security engineers are equal parts hacker and engineer. The team is distributed across the United States, primarily operating in Eastern and Pacific time zones, and collaborates regularly with security, engineering, and product stakeholders across Stripe — including teams in Europe and Asia. What you'll do As an Offensive Security Engineer on the Proactive Threat team, you will simulate the tactics, techniques, and procedures (TTPs) of real-world adversaries to uncover security risks across Stripe's products and infrastructure. You'll conduct hands-on penetration testing, lead red team engagements, and collaborate with blue team counterparts to validate and improve detection and response capabilities. Your work will directly influence how Stripe builds, ships, and secures financial infrastructure used by millions of businesses worldwide. Beyond assessments, you'll design and build offensive tooling and automation that amplifies the team's impact. You'll leverage threat intelligence to prioritize testing efforts, contribute to incident investigations when needed, and act as a subject-matter expert for security initiatives across the company. Responsibilities - Conduct comprehensive penetration tests across web applications, APIs, cloud environments (AWS/GCP/Azure), mobile applications, and internal infrastructure - Plan and execute red team engagements that emulate the TTPs of cyber and criminal threat actors targeting financial services, including initial access, lateral movement, persistence, and data exfiltration scenarios - Perform assumed-breach and objective-based assessments to test detection and response capabilities in coordination with defensive teams - Partner with detection engineering, threat intelligence, and incident response teams to validate security controls, identify coverage gaps, and improve detection fidelity - Contribute adversary tradecraft insights to inform detection rule development, threat hunting hypotheses, and incident response playbooks - Support incident investigations by providing offensive expertise, log analysis, and root cause analysis when required - Design, develop, and maintain custom offensive tools, scripts, and automation frameworks to enhance assessment efficiency and coverage - Build internal platforms and workflows that enable scalable, repeatable offensive operations - Contribute to internal security tooling repositories and champion engineering best practices within the team - Automate repetitive testing tasks, payload generation, and reporting workflows using modern development practices - Produce clear, actionable reports that communicate technical findings, business risk, and remediation guidance to both technical and non-technical stakeholders - Act as a subject-matter expert and primary point of contact for stakeholder teams engaged in offensive security programs and Stripe-wide security initiatives - Lead offensive security projects end-to-end, mentor junior team members, and foster a culture of continuous learning and knowledge sharing - Stay current with emerging threats, vulnerabilities, and attack techniques; share research internally and contribute to the broader security community Who you are We're looking for someone who meets the minimum requirements to be considered for the role. If you meet these requirements, you are encouraged to apply. The preferred qualifications are a bonus, not a requirement. Minimum requirements - 5+ years of experience in offensive security, penetration testing, red teaming, or a related field - Strong programming skills in Python, Go, or similar languages, with demonstrated experience building tools, automation, or custom exploits - Deep knowledge of web application security, including OWASP Top 10, ASVS, and common vulnerability classes (injection, auth flaws, business logic, etc.) - Hands-on experience with cloud platforms (AWS, Azure, or GCP), including cloud-native attack techniques and misconfigurations - Proficiency with offensive tooling such as Burp Suite, Cobalt Strike, Mythic, Sliver, BloodHound, or similar frameworks - Familiarity with adversary tradecraft and frameworks such as MITRE ATT&CK, including TTPs for initial access, privilege escalation, lateral movement, and exfiltration - Excellent written and verbal communication skills, with the ability to translate complex technical findings into clear, risk-based recommendations - Ability to think like an adversary — creative, persistent, and able to holistically assess risk in complex environments Preferred qualifications - Experience conducting offensive security in fintech, financial services, or other highly regulated environments - Background in vulnerability research, exploit development, or CVE discovery - Experience collaborating with threat intelligence, detection engineering, or incident response teams (purple team operations) - Familiarity with big data and log analysis tools (Splunk, Databricks, PySpark, osquery, etc.) for threat hunting or investigative support - Proficiency with AI/LLM-assisted development tools (e.g., Claude Code, Cursor, GitHub Copilot) and experience applying them to offensive security workflows - Interest or experience in agentic automation — using LLMs or autonomous agents to augment reconnaissance, vulnerability discovery, or exploitation workflows - Experience testing AI/ML systems or LLM-based applications for security weaknesses (prompt injection, training data extraction, model manipulation, etc.) - Contributions to open-source security tools, published research, blog posts, or conference presentations - Relevant certifications such as OSCP, OSWE, OSEP, OSED, CRTO, CPTS, PNPT, GXPN, or cloud security certifications

Description The Work: ICF is looking for an enthusiastic Senior Security Engineer to join our team and help with ensuring our environments and applications meet Federal Security Standards. If you are Security Engineer interested in applying your expertise in Security Engineering in a consulting environment, then this may be the role for you. Job Location: This position requires that the job be performed in the United States.  If you accept this position, you should note that ICF does monitor employee work locations and blocks access from foreign locations/foreign IP addresses, and also prohibits personal VPN connections. - Our core work hours are 10am - 4pm Eastern Time with the option to start earlier or work later depending on your time zone. However, please note our client is on the east coast and may sometimes start a meeting earlier than 10:00 which may require your participation. - Travel for a conference or to another ICF location for collaboration may be required once a year. What You Will Do: The selected candidate will be required to work on multiple products and must be able to develop and present secure solutions and advice to technical teams as well as leadership. The candidate will further be required to assess risks and advise on security standards, best practices, and solutions. All this must be done by maintaining security quality and customer satisfaction. Various tools are used to detect vulnerabilities and the security engineer documents these vulnerabilities and works with developers to get them corrected. The security engineer will need to work on a path to production for new applications ensuring all the documentation and appropriate steps are taken and approved to have a highly secure production application and environment. Responsibilities: - Perform Static Application Security Testing (SAST) to identify potential vulnerabilities in the application code and infrastructure  - Perform Dynamic Application Security Testing (DAST)  - Create and update threat models for FISMA systems  - Assist and lead security incident response  - Assist with documentation of System Security plan and Contingency Plans for related projects  - Ensure security systems are up to date and create documentation and planning for all security-related information, including incident response and disaster recovery plans  - Review policies and procedures for compliance with applicable standards; and to identify areas of improvement for finding remediation  - Interact with senior level management, including the ISSO  - Use security assessment tools such as Nessus, Snyk, AWS GuardDuty and AWS Inspector  - Apply a demonstrated understanding of cryptography to secure web applications and data at rest  - Work with development teams to review and correct code written in higher level programming languages and scripts   - Work with DevOps teams to securely harden Linux based machines and cloud infrastructure   Basic Qualifications: - Bachelor’s Degree - 5+ years of professional security engineering experience - Candidate must be able to obtain and maintain a Public Trust - Candidate must reside in the U.S., be authorized to work in the U.S., and all work must be performed in the U.S. - Candidate must have lived in the U.S. for three (3) full years out of the last five (5) years What We Would Like You To Bring With You: . - Hands on experience that includes: - NIST 800‑53 security controls - System hardening and implementation of DoD STIGs - Leading incident response activities - Data management and applied cryptography - Cloud security and infrastructure (AWS, Azure, and/or GCP) - Awareness of OWASP Top Ten and CWE Top 25 - Linux command line usage (e.g., bash, sh, zsh) - Scripting in Python, Perl, or similar languages - Prior experience in consulting or healthcare is an advantage but not essential. - Strong engineering background   - Application architecture experience   - Federal Government contracting work experience  - One or more of the following certifications is preferred: - OSCP/OSCE/OWSE - CISSP - GPEN - GXPN  - Security + - CEH Professional Skills: - Good leadership and team-working skills. - Highly effective analytical, problem-solving, and decision-making capabilities. - Excellent communication and interpersonal skills to interface effectively at all levels of the business. - Organized, detailed oriented and able to prioritize and multi-task. - Ability to self-organize, prioritize and conduct work on multiple projects under tight deadlines in a fast-paced environment. - Prior experience working remotely full-time  #DMX-HES Working at ICF ICF is a global advisory and technology services provider, but we’re not your typical consultants. We combine unmatched expertise with cutting-edge technology to help clients solve their most complex challenges, navigate change, and shape the future. We can only solve the world's toughest challenges by building a workplace that allows everyone to thrive. We are an equal opportunity employer. Together, our employees are empowered to share their expertise and collaborate with others to achieve personal and professional goals. For more information, please read our EEO policy. We will consider for employment qualified applicants with arrest and conviction records. Reasonable Accommodations are available, including, but not limited to, for disabled veterans, individuals with disabilities, and individuals with sincerely held religious beliefs, in all phases of the application and employment process. To request an accommodation, please email Candidateaccommodation@icf.com and we will be happy to assist. All information you provide will be kept confidential and will be used only to the extent required to provide needed reasonable accommodations.  Read more about workplace discrimination rights or our benefit offerings which are included in the Transparency in (Benefits) Coverage Act. Candidate AI Usage Policy At ICF, we are committed to ensuring a fair interview process for all candidates based on their own skills and knowledge. As part of this commitment, the use of artificial intelligence (AI) tools to generate or assist with responses during interviews (whether in-person or virtual) is not permitted. This policy is in place to maintain the integrity and authenticity of the interview process.  However, we understand that some candidates may require accommodation that involves the use of AI. If such an accommodation is needed, candidates are instructed to contact us in advance at candidateaccommodation@icf.com. We are dedicated to providing the necessary support to ensure that all candidates have an equal opportunity to succeed.   Pay Range - There are multiple factors that are considered in determining final pay for a position, including, but not limited to, relevant work experience, skills, certifications and competencies that align to the specified role, geographic location, education and certifications as well as contract provisions regarding labor categories that are specific to the position. The pay range for this position based on full-time employment is: $98,614.00 - $167,644.00 Nationwide Remote Office (US99)