We're hiring!

All jobs are 100% remote, 6 month contract to start, full time with benefits if we mutually decide to move forward.

Applicants must be eligible to work in the US.

Please include your resume when applying.

Fine to apply for roles we haven't posted, but understand that's not our priority for hiring.

Please do NOT send messages or questions to our founder regarding your application.

We aren't using a recruiting firm, since their incentives & style tend to result in a biased pipeline, so please be patient.

Privacy: We will use your data only for our hiring purposes. We do not sell your data.

Tier 2 Triage


This position will provide vulnerability assessment support, focused on managing incoming vulnerability disclosure cases after they have been already verified (tier 1). Additional responsibilities include performing research and analyzing current threats and vulnerabilities that may affect the enterprise, writing security advisories, and participating as team member performing focused adversarial assessments. 


  • Owning end-to-end case resolution of incoming security reports, to include any additional investigation

  • Perform research on current threats and vulnerabilities

  • Author security advisories

  • Manage enterprise vulnerability compliance

  • Conduct vulnerability assessments of IT systems

  • Other duties as assigned

Qualifications & Skills

  • Firm understanding of Vulnerability Coordination and Disclosure

  • Familiarity with ISO 29147 and 30111 

  • Demonstrated Experience with vulnerability assessment, including expert experience in at least two of the following areas

    • Vulnerability Assessment

    • Intrusion Prevention and Detection

    • Access Control and Authorization

    • Policy Enforcement

    • Application Security

    • Protocol Analysis

    • Firewall Management

    • Incident Response

    • Encryption

    • Web filtering

    • Advanced Threat Protection

Please include your resume when applying

Tier 3 Security Engineer


Vulnerability Management Security Engineer is expected to identify solutions for common security problems while participating in a broader Cyber Security team focused on building relationships with developers and engineers across the organization, and executing complex projects with minimal oversight.


  • Advise the root cause investigation of vulnerabilities and propose sound security engineering resolution.

  • This role will involve engagement as a functional liaison with product and engineering managers, infrastructure owners, security leadership, executive leaders across the company, and development and systems engineers.

  • Familiarity with common vulnerabilities, security bugs, CVE’s, and the various mechanism that Cyber Security organizations use to discover the same is important.

Qualifications & Skills

  • Familiar with various development environments and application security vulnerability.

  • A successful candidate may have exposure to vulnerability tracking tools, risk frameworks, governance committees, an understanding of the nuances of reporting on vulnerability status across the business and up the chain, and a knack for organizing disparate sets of vulnerability data into actionable metrics.

  • An engineering mindset toward tracking of vulnerabilities in automated and scalable ways will take you far.

Please include your resume when applying

Communications Specialist


This role will work closely with the engineering and PR teams to oversee communications between vulnerability handling team and security researchers. This role will also work with engineering and PR teams to develop reactive communications plans to mitigate potential negative issues. This role will also be responsible for scanning for, collecting, and scoring press and social media hits.



  • Work with engineering and PR teams on vulnerability cases and develop communications plans, internal, external, and executive comms.

  • Scan for, collect, and score press and social media hits.

  • Develop communications plans for regular updates to security community and customers around vulnerability handling and bounty program updates.

Qualifications & Skills

Demonstrated Experience with communications, including experience in:

  • Security and privacy communications

  • Vulnerabilities, vulnerability handling, and bounty programs

  • Crisis communications

  • Ability to move quickly in dynamic environments

Please include your resume when applying

© Luta Security, Inc.