Security Compliance Analyst

Join Sonsoft Inc. as an Infrastructure Security Vulnerability Analyst, where you'll play a crucial role in identifying and mitigating security risks within our infrastructure. As part of our dynamic security team, you will work with cutting-edge technologies to enhance our security posture and ensure the integrity of our systems.

Join Sonsoft Inc., a leading technology solutions provider, as a Vulnerability Analyst focusing on Infrastructure Security. In this role, you will be responsible for identifying and mitigating security vulnerabilities in our infrastructure systems. You will work closely with cross-functional teams to ensure that our security measures are robust and effective. Your expertise will help shape our security strategy and safeguard our systems against potential threats.

Join Sonsoft Inc. as a Vulnerability Assessment Specialist focusing on Infrastructure Security. In this role, you will be integral to our mission of safeguarding our clients’ infrastructures against potential threats. You will utilize your skills to identify, analyze, and remediate vulnerabilities, ensuring robust security measures are in place.

Astranis Space Technologies Corp. is seeking a dedicated Vulnerability Management Analyst to join our growing team in San Francisco. In this role, you will be instrumental in identifying and mitigating vulnerabilities across our systems and applications. You will collaborate with various teams to enhance our security posture and ensure the integrity of our operations.Key responsibilities include conducting vulnerability assessments, managing remediation efforts, and providing insights on security best practices. Your analytical mindset and attention to detail will contribute significantly to our mission of delivering innovative satellite technology to improve global connectivity.

About AnthropicAt Anthropic, we are dedicated to developing trustworthy, interpretable, and controllable AI systems. Our vision is to ensure that AI remains safe and beneficial for our users and society. Our rapidly expanding team consists of passionate researchers, engineers, policy specialists, and business leaders collaborating to create forward-thinking AI solutions.About the RoleIn the position of Technical Program Manager for Security, focusing on Coordinated Vulnerability Disclosure (CVD), you will establish and steer the initiatives that dictate how Anthropic responsibly reveals software vulnerabilities identified by our AI-driven tools, such as Claude, Patchy, and Claude Code. These advanced tools have already uncovered genuine zero-day vulnerabilities in critical software including Firefox and the Linux kernel. The challenge now extends beyond merely identifying vulnerabilities; it encompasses managing the fallout of these discoveries at an unprecedented scale and speed.Conventional coordinated disclosure frameworks were designed for a time when a researcher might uncover a significant vulnerability every few weeks. The AI-powered discovery landscape has dramatically transformed this paradigm; for instance, Claude can identify hundreds of issues within a single codebase in just one day. Your role is crucial in guaranteeing that every finding is communicated to the appropriate maintainer, at the right speed, with the necessary context, while ensuring Anthropic adheres to its Responsible Scaling Policy (RSP) commitments.You will oversee the complete CVD lifecycle: from internal assessment and human validation of AI-generated findings to tiered disclosure timelines and external coordination with vendors, open-source maintainers, and relevant organizations. This role necessitates extensive collaboration across Security Engineering, Legal, Communications, Product, and Frontier Red Team to ensure Anthropic serves as a responsible steward of the vulnerabilities its tools reveal.Responsibilities:Lead the CVD program strategy and implementation: Define and steer the roadmap for coordinated vulnerability disclosure, from AI-generated findings to maintainer notifications, remediation tracking, and public disclosure. Ensure alignment with Anthropic’s security posture and RSP compliance requirements.Oversee internal triage and quality assurance: Establish and manage a human review process to validate all AI-generated findings before external disclosure. Set minimum confidence thresholds and deduplicate against known CVEs.

Join Sonsoft Inc. as a Vulnerability Assessment Specialist and play a crucial role in safeguarding our organization's digital assets. You will conduct thorough assessments of our systems and applications to identify vulnerabilities and recommend remediation strategies. This position requires a keen eye for detail and a solid understanding of cybersecurity best practices.

Join Cloudflare as a Vulnerability Management Engineer, where you will play a critical role in identifying, assessing, and mitigating vulnerabilities across our systems. You will work closely with security teams to implement robust vulnerability management processes, ensuring our infrastructure remains secure. This is an exciting opportunity to enhance your skills in a dynamic and fast-paced environment.

Join Lambda, a pioneering force in AI cloud infrastructure, dedicated to revolutionizing the way organizations harness computational power. Serving a diverse clientele that includes AI researchers and enterprise giants, Lambda's commitment is to make high-performance computing as accessible as electricity, empowering individuals and businesses alike to achieve superintelligence. If you're passionate about building the most advanced AI cloud platform, we would love to have you onboard.*Note: This role requires you to be present at our San Francisco or San Jose office 4 days a week, with Tuesday designated as the work-from-home day.Key ResponsibilitiesEnsure organizational security practices align with ISO 27001, 27701, PCI, SOC 2, and other regulatory frameworks to support business objectives.Oversee IT Risk Register, focusing on risk identification, tracking, and prioritization.Lead the remediation of control deficiencies and gaps.Provide expert guidance to Control Owners for the planning, design, implementation, and maintenance of security controls, policies, and standards.Engage with both technical and non-technical stakeholders to discuss cybersecurity risk management and program reporting.Support the Customer Trust program, which includes managing customer assessments and security questionnaires.Assist control owners with root cause analysis and monitor the progress of risk management action plans.Develop risk metrics for management regarding information security control maturity, compliance status, and performance findings. Support third-party risk management assessments to ensure compliance with information security requirements.Your ProfileMinimum of 8 years of experience in cybersecurity risk and controls management, with a deep understanding of frameworks like ISO 27001, 27701, PCI-DSS, SOC, NIST CSF, and other regulatory requirements.Proven experience in managing audits and certification programs, including scope planning and developing control procedures aligned with policies and standards.

Role Overview mercor is hiring a Cloud Infrastructure Security Engineer in San Francisco. This role focuses on protecting cloud systems, maintaining data integrity, and applying security protocols to guard against new threats. Collaboration with cross-functional teams is central to designing and maintaining secure cloud environments.

About the Role mercor is hiring a Cloud Infrastructure Security Engineer in San Francisco or New York City. This role focuses on protecting cloud-based systems and data across the company. The engineer will design, implement, and monitor security controls to defend cloud infrastructure against threats. What You Will Do Develop and maintain security measures for cloud environments Monitor cloud infrastructure for vulnerabilities and incidents Respond to security threats and support incident investigations Work to ensure compliance with industry security standards Contribute expertise to strengthen overall security posture Location This position is based in San Francisco or New York City.

At Thinking Machines Lab, our mission is to empower humanity by advancing collaborative general intelligence. We are dedicated to building a future where everyone can access the knowledge and tools necessary to harness AI for their unique needs and objectives.We are a team of scientists, engineers, and builders who have developed some of the most widely used AI products, including ChatGPT and Character.ai, and contributed to open-weight models like Mistral, along with popular open-source projects such as PyTorch, OpenAI Gym, Fairseq, and Segment Anything.About the RoleWe are seeking an Infrastructure Engineer to take charge of evolving the security infrastructure that supports our foundational models. In this pivotal role, you will collaborate across computing, storage, networking, and data platforms to ensure our systems remain secure, reliable, and scalable. You will design controls, architecture, and tooling that embed security into the platform's core functionalities. Working closely with research and product teams, you will enable them to operate swiftly while safeguarding our models, data, and environments.Note: This is an "evergreen role" that we maintain for ongoing interest. While we receive numerous applications, there may not always be an immediate position that perfectly matches your skills and experience. We encourage you to apply, as we continuously assess applications and reach out to candidates when new opportunities arise. Feel free to reapply if you gain more experience, but please refrain from applying more than once every six months. Additionally, we occasionally post openings for specific roles to meet project or team-specific needs, and in those cases, you are welcome to apply directly in conjunction with this evergreen role.What You’ll DoDesign security patterns for platforms and services, including network segmentation, service-to-service authentication, RBAC, and policy enforcement in Kubernetes and cloud environments.Oversee identity, access, and secrets management for users and services: workload and cross-cloud identity, least-privilege IAM, and secrets management.Create secure platforms for data ingestion, processing, and curation, encompassing classification, encryption, access controls, and safe sharing practices across teams.Develop threat models and review designs with researchers and engineers to facilitate safe and scalable feature launches.Automate security checks and implement guardrails: policy-as-code, secure infrastructure baselines, CI/CD validation, and tools that streamline secure operations.

We are seeking a talented and dedicated Staff Security Engineer to join our dynamic team at fal. In this role, you will be vital in enhancing our infrastructure's security posture while ensuring compliance with industry standards and best practices.Your expertise will contribute to designing, implementing, and maintaining robust security solutions that safeguard our systems and data. You will collaborate closely with cross-functional teams to identify vulnerabilities and develop effective mitigation strategies.

Join Scale AI as a talented Infrastructure Security Engineer, where you'll play a pivotal role in safeguarding the integrity and security of our platform. This position focuses on securing expansive cloud environments, managing and fortifying various compute clusters, and reviewing infrastructure as code. Your proficiency in cloud security, infrastructure automation, and advanced security practices will be crucial in upholding and advancing our security framework.Your responsibilities include:Securing infrastructure across major cloud hosting platforms (e.g., AWS, Azure, GCP).Implementing and maintaining comprehensive security configurations and policies for cloud environments.Conducting regular security assessments and audits to identify vulnerabilities and propose enhancements.Developing and enforcing security best practices for infrastructure automation and orchestration.Collaborating with Developer Experience, IT, and product teams to integrate security into every phase of the infrastructure lifecycle.Reviewing and securing infrastructure as code (e.g., Terraform, CloudFormation).Mentoring team members on infrastructure security best practices and emerging threats.

About SemgrepSemgrep is at the forefront of code security for developers, enabling innovative work without compromising safety. Our platform allows teams to identify, report, and rectify genuine issues before deployment, supported by an intelligent security system that evolves alongside development. Semgrep enhances code security as it is authored, providing essential guardrails that allow developers to operate swiftly while maintaining security. Built for creators and endorsed by security professionals, our solution integrates seamlessly into developers' workflows, delivering solutions that preserve productivity while granting security teams enhanced oversight, control, and assurance. As Semgrep evolves, our AI adapts to your context, minimizing false positives and prioritizing actionable vulnerabilities, a claim validated by 95% of security reviewers across over 6 million findings. We are committed to making zero false positives a reality, enabling AppSec teams to manage 80% fewer false alarms across Code and Supply Chain, significantly reducing backlog.Founded in San Francisco and supported by investors such as Menlo Ventures, Felicis Ventures, Lightspeed Venture Partners, Redpoint Ventures, and Sequoia Capital, Semgrep has been acknowledged by Gartner in Application Security Testing and is trusted by top-tier organizations like Snowflake, Dropbox, and Figma. Discover more at semgrep.dev.About the RoleAs the Security Research Manager for the Coverage Team, you will spearhead a group of Security Researchers dedicated to enhancing detection rules for Secrets, Code, and Supply Chain across all Semgrep products. Your responsibilities will include:Crafting high-quality detection rulesInnovating research and automation techniques to expedite and enhance rule creationEvaluating and elevating the overall quality and scope of detectionsIn this managerial role, you will report directly to the Head of Security Research. You will define the strategic roadmap, collaborate with Product Management to concentrate on the most impactful detection areas, and drive ongoing enhancements in both detection accuracy and coverage breadth. Achieving success in this position means leading a team that produces exceptional detections, scales rule generation through automation and AI, and expands the limits of contemporary vulnerability research.Your Responsibilities:Recruit, mentor, and nurture your team, fostering a productive, engaging, diverse, and inclusive workplace that aligns with Semgrep's core valuesCollaborate closely with product management, sales, and development teams across all product linesAnalyze, measure, and enhance the velocity and quality of Semgrep detections

Astranis is at the forefront of satellite technology, developing advanced satellites designed for high orbits to extend humanity's reach into the solar system. Our cutting-edge satellites deliver dedicated, secure networks to a diverse clientele, including large enterprises, government agencies, and the US military. With five satellites currently in orbit and several more set to launch, Astranis is managing a robust pipeline of over $1 billion in commercial contracts.As a leading satellite communications partner, we cater to clients with rigorous demands for uptime, data security, network visibility, and customization. Backed by over $750 million from notable investors like Andreessen Horowitz, Blackrock, and Fidelity, our team of 450 engineers and entrepreneurs operates from our state-of-the-art 153,000 sq. ft. headquarters in Northern California.Position Overview:Astranis is seeking a passionate and driven Security Operations Analyst, ready to navigate the complexities of digital security. The ideal candidate possesses a robust enthusiasm for cybersecurity, with a talent for dissecting malware, unraveling phishing schemes, and leading incident response efforts. As cyber threats evolve rapidly, we require a proactive and innovative individual who is committed to safeguarding our digital landscape and maintaining the integrity of our data and systems.Key Responsibilities:Continuously monitor and analyze security alerts and incidents in real-time utilizing tools like Splunk. React promptly and effectively to security events.Collaborate with team members to identify and mitigate security incidents, providing support during incidents and participating in post-incident analyses.Dissect and analyze malware to comprehend its behavior, origins, and impact, leveraging insights to strengthen our defenses.Investigate phishing attempts, pinpointing attack vectors and recommending preventive measures.Develop, integrate, and manage various security tools and solutions.Participate in red and purple team exercises.Maintain and update security documentation, including procedures, runbooks, and policies related to Splunk and security operations.Engage in enhancing security monitoring and incident response processes.Learn and apply various cybersecurity tools and technologies.

Join Mindlance as a Cyber Intelligence Security Analyst and be at the forefront of safeguarding our digital assets. In this role, you will leverage your analytical skills to monitor, assess, and mitigate security threats while collaborating with cross-functional teams to enhance our cyber defense strategies. This position offers a unique opportunity to contribute to the security posture of a leading organization in a dynamic environment.

Are you passionate about enhancing cybersecurity and protecting sensitive information? Join our team as a Vulnerability Assessment Consultant. In this role, you will conduct thorough assessments to identify vulnerabilities in our clients' networks and systems, providing actionable insights to mitigate risks and enhance security.

Join our dynamic team at Sonsoft Inc. as a Vulnerability Assessment Specialist. In this pivotal role, you will be responsible for identifying, analyzing, and mitigating security vulnerabilities within our IT infrastructure. You will work closely with cross-functional teams to ensure our systems are robust against potential threats.Your expertise will help us maintain the highest standards of security and compliance, ultimately protecting our valuable data and resources.

As Scale AI continues to broaden its product offerings and customer base, we are actively seeking talented DevOps Engineers in the Public Sector who will take a leading role in enhancing our Continuous Integration/Continuous Deployment (CI/CD) pipelines. Your contribution will be vital in optimizing our Software Development Life Cycle (SDLC), transitioning from manual, fragmented deployments to a cohesive and automated system.In this position, you will develop an in-depth understanding of our core product architecture, allowing you to deploy and manage systems effectively. A key responsibility will involve integrating various machine learning (ML) tasks and updates into our SDLC, transforming isolated ML components into an integrated and automated workflow. Although direct ML experience is not mandatory, a genuine interest in learning and incorporating ML elements into our processes is essential.Your Responsibilities:Design, develop, and maintain efficient CI/CD pipelines for our low-side and high-side products.Work collaboratively with product and engineering teams to enhance existing application code for better compatibility and streamlined integration within automated pipelines.Contribute innovative ideas to improve the architecture and design of our deployment systems, increasing efficiency and reliability.Troubleshoot complex deployment issues, ensuring minimal disruption to development cycles.Gain a comprehensive understanding of our product and machine learning architectures to facilitate seamless integration and deployment.Document pipeline processes and configurations for maintainability and knowledge transfer.Integrate security best practices into every stage of the CI/CD pipeline, ensuring security is a foundational element of our development processes.Encourage standardization and collaboration across various product teams to achieve a unified and efficient SDLC.