We're building the system between finding a vulnerability and proving it's fixed
Early-stage, engineering-first. One hard problem: turning remediation into a system that can be owned, verified, and explained.
Most security software is built to impress in a demo. We're building for the person who has to run it at 2am.
A typical week might mean wiring a Qualys integration that deduplicates findings across three scanners, debugging why an SLA clock drifted during a timezone edge case, or figuring out how to make a verification re-scan result land in the right work item without human intervention. The problems are specific. The users notice when you get them right.
If you like hard technical problems where the measure of success is whether an operator's day got easier, you'll probably like it here.
Engineering rigor
A remediation dispatch that fires twice is worse than one that doesn't fire at all. We care about correctness in the boring places: state machines, retry logic, evidence integrity.
Execution over optics
The question is whether the feature improved an operator's workflow, not whether it looked good in a product review. We ship, measure, and adjust. The demo is the last thing we build.
Founder-led clarity
Small team, one product, one problem. You'll talk to the founder most days. Decisions happen fast because the context is shared.
We may not have the right role open today, but we want to know the right people.
If this is the kind of problem you want to work on, introduce yourself.