Security Engineer Remote Jobs in Pennsylvania (US)
This page tracks remote security engineer openings that are location-eligible for Pennsylvania.
This page tracks remote security engineer openings that are location-eligible for Pennsylvania.
Open jobs
3,856
Hiring companies this week
8
Salary sample
$97,968 - $160,700
Jobs added last hour
0
3856 Jobs
1962 Companies
• Own a multi-effort IT/security hardening roadmap and drive it to delivered, validated controls. • Direct external IT partner(s) on implementation: scope, acceptance, quality. • Make and defend implementation and sequencing decisions; escalate risk and budget. • Run validation, phased rollout, and user-facing change. • Keep the work aligned to HIPAA and to HITRUST / SOC 2 Type 2. • Own corporate-IT control domains for our audits, maintain evidence, and engage Assessors.
Runpod is pioneering the future of AI and machine learning, offering cutting-edge cloud infrastructure for full-stack AI applications. Founded in 2022, we are a rapidly growing, well-funded company with a remote-first organization spread globally. Our mission is to empower innovators and enterprises to unlock AI's true potential, driving technology and transforming industries. Join us as we shape the future of AI. We are building Cloud services focused on accelerating AI adoption. Whether you're an experienced ML developer training a large language model, or an enthusiast tinkering with stable diffusion, we strive to make GPU compute as seamless and affordable as possible.
Runpod is the AI Developer Cloud. More than one million developers, from indie researchers to teams running frontier models in production, use Runpod to experiment, train, fine-tune, deploy, and scale AI on one platform. The platform has processed more than 20 billion inference requests. We closed a $100M Series A in June 2026. We're at an inflection point for AI infrastructure, and we're building the platform the next generation of developers will depend on. We're a small, remote-first team. We take ownership seriously, move fast, and ship work that more than a million developers rely on every day. We're looking for people who care deeply, build with urgency, and want to matter at scale. Learn more in our CEO's funding announcement: https://www.runpod.io/blog/one-million-developers. As RunPod continues to revolutionize the GPU cloud computing landscape, we are seeking a Full Stack Security Engineer to secure our customer-facing products, APIs, and internal services. This critical position will ensure the security of the software that powers our platform, enabling continued growth while protecting user data, billing systems, and web interfaces. The ideal candidate possesses strong software development abilities coupled with deep experience in application security, DevSecOps, and modern web architectures. You will embed directly with our engineering teams to ensure our product is secure by design. RunPod is seeking a proactive AppSec professional who believes in Integrated Security. You won't just toss PDF reports over the fence; you will write code to fix vulnerabilities, build automated security guardrails into our CI/CD pipelines, and foster a security-first culture among our developers. Responsibilities: - Product Security: Lead threat modeling, architecture reviews, and code reviews for our web applications, APIs, and microservices. - Vulnerability Remediation: Actively develop and commit code to fix security flaws in our Python, Go, or JavaScript/TypeScript codebases alongside the engineering team. - DevSecOps: Implement, tune, and manage security testing tools (SAST, DAST, SCA) within our CI/CD pipelines to catch vulnerabilities early in the SDLC. - Edge & Application Defense: Configure and manage application-layer security controls, including Web Application Firewalls (WAF), bot protection, and API gateways. - Security Championing: Provide security guidance, secure coding training, and standard operating procedures to development teams. - Compliance & Operations: Collaborate with operations to ensure product-level adherence to relevant frameworks (e.g., SOC 2, ISO 27001, GDPR) and participate in bug bounty triage. Required Qualifications: - 5+ years of experience in application security, product security, or as a software engineer with a heavy security focus. - Strong programming and code-review skills in languages like Python, Go, JavaScript/TypeScript, or similar modern stacks. - Deep understanding of web application vulnerabilities (OWASP Top 10), API security (REST/GraphQL), and modern authentication flows (OAuth, OIDC, JWT). - Hands-on experience with offensive web security testing tools (e.g., Burp Suite, ZAP). - Experience building and maintaining automated security pipelines (DevSecOps). - Ability to translate complex security risks into actionable engineering tasks. Preferred Qualifications: - Relevant application security certifications (e.g., OSWE, GWAPT, CISSP). - Experience securing cloud-native applications running on Kubernetes/Docker environments. - Background in managing bug bounty programs or coordinated vulnerability disclosures. What You’ll Receive: - The competitive base pay for this position ranges from ($152,000 - $175,000). This salary range may be inclusive of several career levels at Runpod and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location - Meaningful equity in a fast-growing company- everyone on the team receives stock options — your impact drives our growth, and you share in the upside. - Generous medical, dental & vision plans - Flexible PTO- take the time you need to recharge - Most roles are remote work first with an inclusive, collaborative teams utilizing slack as the main form of internal communication - Join a passionate team on the cutting edge of AI infrastructure — where culture, learning, and ownership are at the heart of how we scale. - $1,200 Home Office & Equipment Stipend- We set you up for success from day one with gear and support to create your ideal workspace Runpod is committed to maintaining a workplace free from discrimination and upholding the principles of equality and respect for all individuals. We believe that diversity in all its forms enhances our team. As an equal opportunity employer, Runpod is committed to creating an inclusive workforce at every level. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, protected veteran status, disability status, or any other characteristic protected by law. We welcome every qualified candidate eligible to work in the United States; however, we are currently unable to sponsor employment visas.
Runpod is pioneering the future of AI and machine learning, offering cutting-edge cloud infrastructure for full-stack AI applications. Founded in 2022, we are a rapidly growing, well-funded company with a remote-first organization spread globally. Our mission is to empower innovators and enterprises to unlock AI's true potential, driving technology and transforming industries. Join us as we shape the future of AI. We are building Cloud services focused on accelerating AI adoption. Whether you're an experienced ML developer training a large language model, or an enthusiast tinkering with stable diffusion, we strive to make GPU compute as seamless and affordable as possible.
Runpod is the AI Developer Cloud. More than one million developers, from indie researchers to teams running frontier models in production, use Runpod to experiment, train, fine-tune, deploy, and scale AI on one platform. The platform has processed more than 20 billion inference requests. We closed a $100M Series A in June 2026. We're at an inflection point for AI infrastructure, and we're building the platform the next generation of developers will depend on. We're a small, remote-first team. We take ownership seriously, move fast, and ship work that more than a million developers rely on every day. We're looking for people who care deeply, build with urgency, and want to matter at scale. Learn more in our CEO's funding announcement: https://www.runpod.io/blog/one-million-developers. As RunPod continues to revolutionize the GPU cloud computing landscape, we are seeking a systems-focused Cloud Infrastructure Security Engineer. This critical position is instrumental in safeguarding our bare-metal and virtualized environments, ensuring the absolute security, multi tenant isolation, and integrity of our underlying GPU cloud infrastructure. The ideal candidate possesses deep knowledge of Linux systems, kernel internals, hypervisors, and containerization. You will focus on the lowest levels of our stack—preventing tenant breakouts, securing GPU hardware allocations, and building resilient infrastructure to support AI and machine learning workloads. RunPod is seeking an innovative security engineer who thrives at the systems layer. You will operate with an Attacker's Mindset, actively hunting for ways to break container and virtualization boundaries, and then writing the low-level code to patch them. Responsibilities: - Systems Isolation: Design and implement robust workload and network isolation architectures for RunPod's multitenant GPU bare-metal and virtualized environments. - Kernel & Container Security: Harden Linux kernel configurations, container runtimes (e.g., Docker, containerd), and orchestration layers (e.g., Kubernetes) against breakouts and privilege escalation. - Infrastructure Threat Modeling: Conduct deep-dive security assessments and penetration testing specifically targeting our hypervisor, network stack, and hardware interfaces. - Active Defense: Write code (primarily C, Go, or Rust) to implement custom security controls, telemetry, and fixes at the OS and infrastructure level. - Hardware Security: Evaluate and mitigate security considerations specific to GPU architecture, PCIe pass-through, and shared memory spaces. - Incident Response: Serve as the technical escalation point for infrastructure-level security incidents, developing forensic capabilities for ephemeral container environments. Required Qualifications: - 5+ years of experience in infrastructure or systems-level security engineering. - Extensive knowledge of Linux kernel internals (cgroups, namespaces, eBPF, SELinux/AppArmor). - Deep understanding of virtualization technologies (KVM, QEMU) and workload/network isolation techniques in multitenant environments. - Strong systems-level programming skills in C, Go, Rust, or Python. - Familiarity with GPU architecture and hardware-level security considerations. - Experience in securing bare-metal cloud infrastructure and mitigating lower-level CVEs. Preferred Qualifications: - Contributions to open-source systems security projects or virtualization research. - Experience writing or deploying eBPF-based security tooling. - Deep knowledge of low-level networking protocols and virtualized network security. What You’ll Receive: - The competitive base pay for this position ranges from ($152,000 - $175,000). This salary range may be inclusive of several career levels at Runpod and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location - Meaningful equity in a fast-growing company- everyone on the team receives stock options — your impact drives our growth, and you share in the upside. - Generous medical, dental & vision plans - Flexible PTO- take the time you need to recharge - Most roles are remote work first with an inclusive, collaborative teams utilizing slack as the main form of internal communication - Join a passionate team on the cutting edge of AI infrastructure — where culture, learning, and ownership are at the heart of how we scale. - $1,200 Home Office & Equipment Stipend- We set you up for success from day one with gear and support to create your ideal workspace Runpod is committed to maintaining a workplace free from discrimination and upholding the principles of equality and respect for all individuals. We believe that diversity in all its forms enhances our team. As an equal opportunity employer, Runpod is committed to creating an inclusive workforce at every level. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age, marital status, protected veteran status, disability status, or any other characteristic protected by law. We welcome every qualified candidate eligible to work in the United States; however, we are currently unable to sponsor employment visas.
CrowdStrike is an award-winning, global provider of cloud-delivered security technology, threat intelligence, and next-generation endpoint protection. Founded i
As a global leader in cybersecurity, CrowdStrike protects the people, processes and technologies that drive modern organizations. Since 2011, our mission hasn’t changed — we’re here to stop breaches, and we’ve redefined modern security with the world’s most advanced AI-native platform. We work on large scale distributed systems, processing almost 3 trillion events per day and this traffic is growing daily. Our customers span all industries, and they count on CrowdStrike to keep their businesses running, their communities safe and their lives moving forward. We're proud to work for a mission-driven company leveraging AI to transform the way we work. CrowdStrikers drive their careers through flexibility and autonomy while also being expected to contribute to a culture of responsible AI adoption, experimentation, and innovation. We use an AI-first mindset as a force multiplier to proactively and continuously accelerate execution, build expertise, uncover insights, and solve complex problems. We’re always looking to add talented CrowdStrikers to the team who have limitless passion, a relentless focus on innovation and a fanatical commitment to our customers, our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you. About The Role: At CrowdStrike, we are redefining security for the modern era. As a Staff Technical Marketing Manager for Falcon Secure Access, you will help shape how customers secure work in the browser, protect access across managed and unmanaged devices, reduce legacy access complexity, govern AI usage, and stop adversaries before browser-based threats become breaches. You will also influence the product marketing strategies that drive adoption, competitive wins, and CrowdStrike’s mission to stop breaches. The Staff Technical Marketing Manager (Staff TMM) for Browser Security and Secure Access (Falcon Secure Access) combines advanced technical expertise with product marketing leadership to shape how CrowdStrike positions, markets, and delivers modern browser-native security, secure enterprise access, and Zero Trust access solutions, including CrowdStrike Falcon Secure Access. This role is ideal for a hands-on technical marketing expert with a strong background in network security, secure remote access, VPN, ZTNA, SASE/SSE, enterprise browser security, or identity-aware access who can translate complex technical capabilities into compelling demos, technical narratives, and go-to-market content. Reporting to the Sr. Director of Technical Marketing, you will serve as an individual contributor within the Product Marketing team. You will play a critical role in defining messaging, creating compelling technical stories, and driving go-to-market success for Falcon Secure Access. Your work will directly influence product positioning, customer adoption, competitive win rates, and CrowdStrike’s leadership in modern secure access, Zero Trust browser security, remote connectivity, safe browsing, BYOD and contractor access, and AI security. As a Staff TMM, you act as both a technical subject matter expert and a product marketing partner, producing world-class product demonstrations, workshops, and technical content while also shaping the stories and strategies that resonate with customers, analysts, and the market. You will help CrowdStrike communicate how Falcon Secure Access enables organizations to reduce reliance on legacy VPN and VDI approaches, protect browser-based work, govern AI usage, secure unmanaged devices, and enforce adaptive access controls without disrupting user productivity. You will work cross-functionally with Product Marketing, Product Management, Sales Engineering, Sales, Analyst Relations, Enablement, Competitive Intelligence, and Field teams to ensure that CrowdStrike’s messaging is both technically accurate and market-winning. This is an individual contributor, hands-on role. What You'll Do: - Develop compelling demonstrations, hands-on labs, and workshops that showcase the value and differentiation of Falcon Secure Access across key customer use cases. - Create high-impact technical content, including demo videos, solution briefs, blogs, whitepapers, and technical articles that educate customers and accelerate adoption. - Author practitioner-level guides and implementation-focused content that help customers evaluate, deploy, and operationalize secure access, browser security, VPN modernization, unmanaged device protection, and AI security. - Partner with Product Marketing to shape positioning, messaging, product launches, and go-to-market strategies for browser security and secure access. - Translate technical capabilities into customer-centric narratives that resonate with security practitioners, architects, IT leaders, and executive buyers. - Collaborate with Product Management to understand roadmap priorities and transform new capabilities into compelling market-facing stories and demonstrations. - Work closely with Sales Engineering and Enablement to develop sales plays, competitive messaging, demo flows, and technical training. - Support Analyst Relations by delivering technical product briefings, live demonstrations, and deep-dive sessions that showcase CrowdStrike's innovation and differentiation in browser security, Zero Trust, and secure access. - Represent CrowdStrike at conferences, customer meetings, webinars, and industry events as a technical subject matter expert and product evangelist. - Analyze customer requirements, competitive dynamics, and market trends to strengthen CrowdStrike's leadership in secure access, browser security, Zero Trust, and AI security. What You’ll Need: - 10+ years of cybersecurity, network security, secure access, or browser security experience strongly preferred, in roles such as Technical Marketing Engineer, Sales Engineer, Network Security Architect, Security Architect, Solutions Architect, Technical Product Marketing Manager, or Secure Access/SASE Specialist - Deep expertise in network security and secure access technologies, including ZTNA, SWG, SASE/SSE, CASB, VPN replacement, VDI alternatives, identity-aware access, policy-based access control, and enterprise/browser security - Strong understanding of key customer use cases, including remote connectivity, private application access, BYOD and contractor access, unmanaged device security, safe browsing, and secure access to SaaS and internal applications - Understanding of AI security and governance challenges, including shadow AI discovery, GenAI data exposure, AI browser extensions, sensitive data controls, and policy enforcement at the point of user interaction - Proven experience creating and delivering complex technical demos, hands-on workshops, technical enablement, and customer-facing content for cybersecurity solutions - Proven ability to influence product marketing strategies, including positioning, messaging, product launches, GTM campaigns, competitive differentiation, and field enablement - Excellent communication and presentation skills, with the ability to translate highly technical capabilities into clear customer value for technical practitioners, network architects, security leaders, and executive buyer - Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes. #LI-SC1 #LI-Remote Benefits of Working at CrowdStrike: - Market leader in compensation and equity awards - Comprehensive physical and mental wellness programs - Competitive vacation and holidays for recharge - Paid parental and adoption leaves - Professional development opportunities for all employees regardless of level or role - Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections - Vibrant office culture with world class amenities - Great Place to Work Certified™ across the globe CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance. Find out more about your rights as an applicant. CrowdStrike participates in the E-Verify program. Notice of E-Verify Participation Right to Work CrowdStrike, Inc. is committed to fair and equitable compensation practices. Placement within the pay range is dependent on a variety of factors including, but not limited to, relevant work experience, skills, certifications, job level, supervisory status, and location. The base salary range for this position for all U.S. candidates is $145,000 - $220,000 per year, with eligibility for bonuses, equity grants and a comprehensive benefits package that includes health insurance, 401k and paid time off.For detailed information about the U.S. benefits package, please click here. Expected Close Date of Job Posting is:09-14-2026
Continuously Strengthen Your Cyber Defenses and Proactively Manage Threat Exposure.
• Own the post-sales relationship for assigned customers, ensuring successful onboarding, adoption, and value realization. • Serve as the primary customer contact, providing guidance, strategy, and best practices to maximize platform impact. • Partner with technical and operational teams to translate customer goals into measurable outcomes. • Proactively identify risks to customer success and develop mitigation strategies. • Collaborate with internal teams—including Product, Sales, and Engineering—to champion customer needs and feedback. • Lead customer business reviews, demonstrating ROI and strategic alignment. • Develop a deep understanding of each customer’s cybersecurity objectives, operational workflows, and maturity level. • Drive renewals and expansion opportunities by ensuring customer satisfaction and long-term engagement.
Leidos is an innovation company rapidly addressing the world’s most vexing challenges in national security and health.
Role Description The Digital Modernization Sector at Leidos currently has an opening for a Zero Trust Cyber Security Engineer. This is a fantastic opportunity to work remotely, as well as use your expertise helping protect our military families, supporting the Veterans Administration (VA) Zero Trust Architecture (ZTA) Program. As a Zero Trust Cyber Security Engineer, you will be responsible for assessing the design, implementation, maintenance and reporting of the VA’s Zero Trust architecture, to ensure the highest level of security across VA’s digital assets. You will collaborate with cross-functional teams to establish and enhance the Zero Trust framework, minimizing risk exposure and protecting sensitive information from potential threats. - Assess infrastructure compliance with the Department of Defense Zero Trust Maturity Model. - Produce a Monthly Maturity Scorecard report based on customer driven parameters. - Create a dashboard for the Monthly Maturity Scorecard report. - Determine and report the percentage compliance achieved in each Zero Trust Pillar's capability grouping. - Evaluate each Zero Trust Pillar and recommend targeted areas for improvement. - Update the dashboard data from the Monthly Maturity Scorecard and underlying data. - Cover the assessment approach using the CISA/DoD Zero Trust Maturity Models. - Expand VA specific reference architecture target capabilities. - Document how VA needs to implement ZTA on the target architecture at the conceptual, logical, and implementation layers. - Work with the ZTA Pillar Leads to determine if existing toolsets can be utilized or if any additional tools are required. - Assist with assembling ZTA Engineering and Implementation plans to include process to implement the ZTA Use Cases on VA information systems, making considerations for all variations in VA information systems. - Update the plans based on new cases, deployments, stakeholder, and system owner feedback. - Complete 100 information system implementations in each period of performance. - Work with VA Office of Information Security (OIS) to board the systems to an Operations and Maintenance Risk Management Framework process. Qualifications - Bachelor's degree and 10+ years of cybersecurity engineering experience or 18+ years of established industry experience. - Must be able to obtain and maintain a Public Trust. - Experience in dashboard creation. - Proven experience as a Cyber Security Engineer, with a focus on implementing and maintaining Zero Trust architectures. - In-depth knowledge of Zero Trust principles, IAM, micro-segmentation, network security, and encryption techniques. - Experience with industry-leading security tools and technologies, such as firewall solutions, intrusion detection/prevention systems, and SIEM tools. - Familiarity with relevant industry regulations and compliance requirements, including NIST 800-207, OMB M-22-09, CISA Zero Trust Security Model, Executive Order 14028 – Improving the Nation’s Cybersecurity. - Strong problem-solving skills and the ability to work effectively in a fast-paced, collaborative environment. - Excellent communication skills to convey complex security concepts to technical and non-technical stakeholders. Preferred Qualifications - CSA Certificate in Zero Trust, Forrester Zero Trust Strategy Certification, CISSP, CISM, CCSP, or other related certifications. - Prior experience in a similar role or within the cybersecurity domain. - Experience with eMASS. - Experience with ServiceNow CAM. - VA directive and policy knowledge. - Familiarity with industry tools and solutions that support Zero Trust architectures, such as software-defined perimeter (SDP) tools, identity and access management solutions, and micro-segmentation technologies. - Current VA PIV. Pay Range Pay Range $107,900.00 - $195,050.00. The Leidos pay range for this job level is a general guideline only and not a guarantee of compensation or salary. Additional factors considered in extending an offer include (but are not limited to) responsibilities of the job, education, experience, knowledge, skills, and abilities, as well as internal equity, alignment with market data, applicable bargaining agreement (if any), or other law.
A business unit of General Dynamics, General Dynamics Information Technology (GDIT) supports some of the United States' most complex government, defense, and in
Role Description Advance your career while impacting our national security in cyber as a Cybersecurity Engineer Senior at GDIT. Here, technologists have many paths to grow a meaningful career supporting cyber missions and operations across the federal government. As a Cybersecurity Engineer Senior, the work you’ll do at GDIT will be impactful to the mission supporting security infrastructure for the CMS Center for Clinical Standards and Quality (CCSQ). You will play a crucial role in: - Implementing, configuring, and maintaining security tools including SkyHigh Web Gateway, CISCO FirePower, CrowdStrike Falcon, and Palo Alto NGFW. - Responding to potential and confirmed security incidents in the CCSQ Cloud Environment. - Working with an existing team of Cyber Security Engineers to support privacy and security of the cloud program. - Advising application development teams hosted in the cloud environment in addressing findings from the security tools. - Patching security tools for optimal security posture. - Responding to application block requests and troubleshooting inquiries. Qualifications - Bachelor's Degree in Computer Science or related technical discipline, or equivalent combination of education, technical certifications, training, or work experience. - 5+ years of related experience in maintaining security systems in cloud environments. - Experience in Amazon Web Services (AWS) Cloud Environments and the CMS CCSQ/QNET. - Documented history configuring, maintaining, tuning, reporting, and remediating from multiple security tools and services. - Background in AWS Security services including Guard Duty, Security Hub, and Inspector. - Knowledge of system hardening benchmarks such as USGCB & STIG. - SEIM experience with Splunk. Requirements - Strong communication skills. - Ability to work in a fast-paced environment. - Self-motivated with a strong ability to work in a multi-tasking and changing environment. - Experience working in an Agile environment. - Working after hours at scheduled intervals for production deployments or patching cycles. - Demonstrated experience with and exposure to security appliances mentioned. Benefits - Comprehensive benefits and wellness packages. - 401K with company match. - Competitive pay and paid time off. - Full-flex work week to own your priorities at work and at home. - Award-winning culture of innovation and a military-friendly workplace.
Runpod is pioneering the future of AI and machine learning, offering cutting-edge cloud infrastructure for full-stack AI applications. Founded in 2022, we are a rapidly growing, well-funded company with a remote-first organization spread globally. Our mission is to empower innovators and enterprises to unlock AI's true potential, driving technology and transforming industries. Join us as we shape the future of AI. We are building Cloud services focused on accelerating AI adoption. Whether you're an experienced ML developer training a large language model, or an enthusiast tinkering with stable diffusion, we strive to make GPU compute as seamless and affordable as possible.
Role Description As RunPod continues to revolutionize the GPU cloud computing landscape, we are seeking a Full Stack Security Engineer to secure our customer-facing products, APIs, and internal services. This critical position will ensure the security of the software that powers our platform, enabling continued growth while protecting user data, billing systems, and web interfaces. The ideal candidate possesses strong software development abilities coupled with deep experience in application security, DevSecOps, and modern web architectures. You will embed directly with our engineering teams to ensure our product is secure by design. RunPod is seeking a proactive AppSec professional who believes in Integrated Security. You won't just toss PDF reports over the fence; you will write code to fix vulnerabilities, build automated security guardrails into our CI/CD pipelines, and foster a security-first culture among our developers. Responsibilities - Product Security: Lead threat modeling, architecture reviews, and code reviews for our web applications, APIs, and microservices. - Vulnerability Remediation: Actively develop and commit code to fix security flaws in our Python, Go, or JavaScript/TypeScript codebases alongside the engineering team. - DevSecOps: Implement, tune, and manage security testing tools (SAST, DAST, SCA) within our CI/CD pipelines to catch vulnerabilities early in the SDLC. - Edge & Application Defense: Configure and manage application-layer security controls, including Web Application Firewalls (WAF), bot protection, and API gateways. - Security Championing: Provide security guidance, secure coding training, and standard operating procedures to development teams. - Compliance & Operations: Collaborate with operations to ensure product-level adherence to relevant frameworks (e.g., SOC 2, ISO 27001, GDPR) and participate in bug bounty triage. Qualifications - 5+ years of experience in application security, product security, or as a software engineer with a heavy security focus. - Strong programming and code-review skills in languages like Python, Go, JavaScript/TypeScript, or similar modern stacks. - Deep understanding of web application vulnerabilities (OWASP Top 10), API security (REST/GraphQL), and modern authentication flows (OAuth, OIDC, JWT). - Hands-on experience with offensive web security testing tools (e.g., Burp Suite, ZAP). - Experience building and maintaining automated security pipelines (DevSecOps). - Ability to translate complex security risks into actionable engineering tasks. Preferred Qualifications - Relevant application security certifications (e.g., OSWE, GWAPT, CISSP). - Experience securing cloud-native applications running on Kubernetes/Docker environments. - Background in managing bug bounty programs or coordinated vulnerability disclosures. Benefits - The competitive base pay for this position ranges from ($152,000 - $175,000). This salary range may be inclusive of several career levels at Runpod and will be narrowed during the interview process based on a number of factors, including the candidate’s experience, qualifications, and location. - Meaningful equity in a fast-growing company - everyone on the team receives stock options — your impact drives our growth, and you share in the upside. - Generous medical, dental & vision plans. - Flexible PTO - take the time you need to recharge. - Most roles are remote work first with an inclusive, collaborative teams utilizing slack as the main form of internal communication. - Join a passionate team on the cutting edge of AI infrastructure — where culture, learning, and ownership are at the heart of how we scale. - $1,200 Home Office & Equipment Stipend - We set you up for success from day one with gear and support to create your ideal workspace.
Role Description The Information Security Engineer will be responsible for the security of the organization’s Azure and Office 365 services, network, and endpoints. The Information Security Engineer will also support and execute on project tasks and deliverables in support of the organization’s information security roadmap/strategy. - Ensure the organization’s cloud infrastructure and data is secure and protected by implementing appropriate security controls in Azure and Office 365 based upon industry best practices. - Monitor the M365 and Azure Security Score, follow and implement Microsoft’s recommendations and deviate where necessary to continue to strengthen the organization's security posture in Azure and Office 365. - Lead efforts in remediating vulnerabilities and identifying gaps or security deficiencies on all network and endpoint devices using vulnerability management tools and risk assessments. - Manage and maintain Privileged Access Management (PAM) system. - Perform risk assessments and reviews for onboarding practices, third-party vendors, and self-assessments for the organization. - Assist in updating and executing the security awareness program. - Keep abreast of security trends and threats and ensure that the organization’s security practices are updated and aligned. - Serve as the lead and point of contact for all security related events and breaches, coordinating efforts across all technology teams. - Proactively search, detect, and respond to security events and incidents utilizing EDR and SIEM security monitoring tools. - Act as the SME for the organization’s security tools and applications including the evaluation, implementation, and maintenance of such tools. - Support a variety of security initiatives and projects that align with the organization’s information security roadmap. - Other duties as assigned. Qualifications - Expert knowledge and proven experience with cloud and cyber security principles, technologies, and best practices. - Experience with leading and responding to security incidents and events. - Demonstrates professionalism, confidentiality, and diplomacy and can serve a wide range of employees with equity and tact. - Thorough knowledge and understanding of security functions within Azure and Office 365 services. - Thorough knowledge and understanding of network and endpoint security. - Ability to work independently with minimal supervision. - Excellent customer service skills. - Effective verbal and written communication skills. - Ability to establish and maintain effective working relationships with a diverse group of people at all levels of the organization. - Commitment to excellence and high standards. - Detail oriented with strong follow-up initiative. - Versatility, flexibility, and a willingness to work within constantly changing priorities with enthusiasm. Requirements - Bachelor’s degree in cyber security, information technology, and/or equivalent experience. - 3-5 years of experience working as a cyber security analyst or engineer. - ITIL Foundations Certification or willingness to obtain it within one year of hire date. - Knowledge and experience working in a cloud-based infrastructure. Preferred Education and Experience - Healthcare industry experience. - Azure and Office 365 support experience. - CISSP, CCSP or CompTIA Security+ certification. - Knowledge of Cybersecurity Frameworks (NIST CSF, ISO27001, HITRUST, HIPAA). - Strong knowledge and experience with the following: Azure and Office 365 security technologies (Microsoft Defender, Azure Security Center, Azure Sentinel, Microsoft Cloud App Security, Microsoft ATP), EPP and EDR solutions, Email Security and Encryption Services, Data Loss Prevention tools. Benefits - Multiple medical and prescription coverage options. - Dental and vision care plans. - Health Savings Accounts (HSAs), where applicable. - Flexible Spending Accounts (FSAs). - Voluntary critical illness, cancer, and accident insurance. - Voluntary hospital indemnity coverage. - Voluntary short-term and long-term disability insurance. - Voluntary term life insurance and AD&D (Accidental Death & Dismemberment). - 401(k) retirement savings plan. - Paid time off (PTO). - Commuter benefits. - Group auto and homeowners' insurance. Part-time Benefits - Vision. - Flexible Spending Accounts. - MetLife Auto/Vehicle & Home Insurance Discounts.
Defining what it means to build and deliver the most extraordinary sports & entertainment experiences.The Crown is Yours
• Set the security standards and guardrails for the AI platform. • Define the principles, reference architectures, and policy-as-code that all AI tooling at DraftKings adheres to. • Focus on specifying the environment, infrastructure, and authentication methods agents rely on. • Review and build the architecture of AI gateways and tooling. • Provide security review, sign-off, and possibly pair on implementation of these systems. • Streamline how AI services move through InfoSec review. • Reduce AI-driven security noise. • Drive remediation efforts of complex, cross-functional security issues. • Coach and raise the bar by mentoring security and platform engineers.
3,846more opportunities are still waiting for you.Log in now and take your next shot before someone else does.
Firewalls, SIEM, Cyber Security, Amazon IAM, ServiceNow, CMS