Location: Remote
Hours: 8-hour workday with flexible start times
Pay Rate: $90/hr on W2
Type of Hire: 1-year contract to start; potential extension based on performance
You start your morning scanning the latest SCA, SAST, and DAST findings. Critical and high-risk items are quickly validated, false positives are filtered out, and you document clear remediation guidance. When a PatchNow Critical event lands, you lead the scope analysis, route owners, and drive mitigation steps through to verified closure. If a threat intelligence escalation appears, you coordinate a fast, structured response.
By midday, you’re drafting concise briefs on newly disclosed and frontier-model-influenced vulnerabilities, translating technical details into action plans for development teams. In the afternoon, you’re hands-on with AI-enabled security tooling—testing frontier-model capabilities for code reasoning, triage acceleration, and remediation recommendations while ensuring auditability, secure use controls, and human-in-the-loop review.
Before you wrap, you reinforce our software supply chain security—from dependency hygiene (SBOM visibility, malicious package detection, policy enforcement) to safeguarding developer IDEs, plugins/extensions, code-assist tools, package managers, and CI integrations against compromised components and unsafe configurations.
- Deliver unified triage across SCA/SAST/DAST findings: validate severity, assess exploitability, analyze false positives, and provide actionable fixes and escalations for production and business-critical apps.
- Coordinate responses to threat intelligence escalations and PatchNow Critical events, including scoping, owner routing, mitigation guidance, tracking, and closure verification.
- Monitor and analyze newly disclosed and novel vulnerabilities—especially those accelerated by frontier-model research—and produce actionable remediation briefs.
- Engineer, test, and implement AI-assisted security tooling leveraging frontier models for vulnerability identification, code reasoning, triage acceleration, and analyst workflow automation with appropriate guardrails.
- Support evaluation and onboarding of new AI capabilities: proof-of-value execution, security testing, control validation, data handling review, model output evaluation, success metrics, and governance documentation.
- Strengthen software supply chain security: secure open-source dependency intake, SBOM and component visibility, malicious package detection, dependency health assessment, and policy enforcement across dev, pipeline, and artifact workflows.
- Improve developer environment security: harden IDEs, plugins/extensions, package managers, code-assist tools, and CI integrations against malicious code and compromised components.
- 3+ years of code scanning
- 3+ years of open-source scanning
- 3+ years of dynamic and static scanning
- Proven track record triaging SCA/SAST/DAST findings and driving high-severity escalations (threat intel and critical patch events) to remediation and closure.
- Engineering background in scripting, automation, APIs, CI/CD workflows, developer tooling, or security platform integrations.
- Hands-on familiarity with AI-enabled security tools, frontier models, coding assistants, prompt/tool orchestration, model evaluation, or AI governance.
- Experience securing the software supply chain and developer tooling (IDEs, plugins/extensions, package managers, CI/CD integrations) from compromise and malicious code.
- Ability to convert technical vulnerabilities into clear remediation steps, risk summaries, and prioritized recommendations for dev and security stakeholders.
- Code Scanning
- DAST
- Open-source scanning
- SAST
- SCA
- Dynamic and static scanning
- CI/CD
- Artificial Intelligence