Security Lead

4 days ago


Bengaluru, Karnataka, India CodeRabbit Full time ₹ 12,00,000 - ₹ 36,00,000 per year
About CodeRabbit

CodeRabbit is an innovative research and development company focused on building extraordinarily productive human-machine collaboration systems. Our primary goal is to create the next generation of Gen AI-driven code reviewers: a symbiotic partnership between humans and advanced algorithms that significantly outperforms individual engineers. We combine language models with human ingenuity to push the boundaries of software development efficiency and quality.

CodeRabbit is building the future of AI-powered code reviews. We're creating intelligent systems that significantly enhance developer productivity and code quality through advanced AI. Our platform provides context-aware review feedback within minutes, integrating seamlessly with GitHub and GitLab repositories used by thousands of developers worldwide.

The Role

We're looking for our first Head of Security to establish and lead our security practice. This is a unique opportunity to build a world-class security program from the ground up at a fast-growing AI company handling sensitive code from enterprises worldwide. You'll be responsible for protecting our infrastructure, ensuring compliance with global standards, securing our AI-powered code review platform, and building trust with customers and partners.

As Head of Security, you'll wear multiple hats—from hands-on security engineering to strategic compliance planning—and work directly with engineering, product, and leadership teams to embed security into everything we do.

What You'll Do

Security Engineering & Architecture
  • Design and implement comprehensive security architecture for our AI-powered code review platform

  • Build and maintain secure code practices across our engineering organization

  • Conduct and oversee regular security assessments, penetration testing, and vulnerability scanning

  • Lead incident response planning and execution

  • Implement security monitoring, detection, and response capabilities

  • Ensure the security of our AI/ML pipelines and model infrastructure

Compliance & Governance
  • Own and drive compliance initiatives including SOC 2, ISO 27001, GDPR, and other relevant frameworks

  • Develop and maintain security policies, standards, and procedures

  • Manage security audits and maintain relationships with auditors

  • Create and deliver security awareness training programs

  • Build and maintain our security documentation and runbooks

Vulnerability Disclosure & Risk Management
  • Establish and manage our Vulnerability Disclosure Program (VDP)

  • Coordinate with security researchers and manage responsible disclosure processes

  • Oversee bug bounty program operations and researcher relationships

  • Conduct risk assessments and implement mitigation strategies

  • Track and report on security metrics and KPIs

Partnership & Customer Trust
  • Serve as the security point of contact for enterprise customers and partners

  • Complete security questionnaires and participate in customer security reviews

  • Build trust through transparency and clear communication about our security practices

  • Collaborate with Sales and Customer Success on security requirements

  • Represent CodeRabbit's security posture in customer and partner engagements

Team Building & Leadership
  • Build and scale the security team as the company grows

  • Mentor engineers on security best practices

  • Foster a security-first culture across the organization

  • Partner with Engineering leadership to integrate security into the SDLC

What We're Looking For

Required Qualifications
  • 10-15 years of experience in information security, with at least 5 years in a leadership role

  • Deep expertise in application security, including secure coding practices, OWASP Top 10, and common vulnerability classes

  • Proven experience building and managing compliance programs (SOC 2, ISO 27001, GDPR, etc.)

  • Hands-on experience with penetration testing, vulnerability assessment tools, and security testing methodologies

  • Strong understanding of cloud security (AWS, GCP, or Azure) and modern DevSecOps practices

  • Experience managing vulnerability disclosure programs or bug bounty programs

  • Track record of working effectively with engineering teams and embedding security into development workflows

  • Excellent communication skills with ability to explain complex security concepts to technical and non-technical audiences

  • Self-starter mentality with ability to build programs from scratch

Preferred Qualifications
  • Experience in high-growth startups or fast-paced technology companies

  • Background in SaaS or developer tools companies

  • Security certifications such as CISSP, OSCP, CEH, or equivalent

  • Experience with AI/ML security and securing generative AI applications

  • Familiarity with code analysis, AST manipulation, and static analysis security testing (SAST)

  • Experience with Git, GitHub/GitLab security, and CI/CD pipeline security

  • Knowledge of supply chain security and software composition analysis

  • Previous experience in a player-coach role where you're both building and leading

What Sets You Apart
  • You're passionate about developer tools and understand the unique security challenges of AI-powered code analysis

  • You balance security with developer experience—you enable rather than block

  • You're comfortable with ambiguity and thrive in a fast-moving startup environment

  • You think like both an attacker and a defender

  • You prioritise collective intelligence and collaborate effectively across teams

  • You turn obstacles into growth opportunities

  • You can context-switch between deep technical work and strategic planning

Our Values
  1. Collaborative Humans: Prioritising collective intelligence

  2. Fearless Innovators: Turning obstacles into growth opportunities

  3. Persistent Passionate Developers: Thriving on complex, long-term challenges

  4. Impact-Driven Creators: Crafting intuitive tools for developers

  5. Rapid Learners and Un-learners: Adapting quickly in our fast-paced technological world

What We Offer
  1. Work on cutting-edge technology with real-world impact

  2. Collaborative and innovative environment

  3. Competitive salary, equity, and benefits

  4. Professional development opportunities

To apply, submit your resume and relevant project samples or GitHub profiles. CodeRabbit is an equal-opportunity employer committed to diversity and inclusion.


