What we screen for
- Application and cloud security: threat modelling, secure design, common vulnerability classes
- Pragmatism — reducing real risk without becoming a blocker to shipping
- Enough software engineering to work inside the codebase, not just around it
- Detection, response and, where relevant, compliance (SOC 2, ISO 27001)
Every candidate is technically assessed by us, people who have done the job, before you spend a minute interviewing.