Senior Software Engineer - OpenGRC

🌀 The Company

Filigran, founded in October 2022, stands out in the cybertech ecosystem for its commitment to revolutionizing cyber threat management with a proactive approach. Its mission is to develop innovative open-source solutions designed to anticipate cyber threats, identify security gaps, and strengthen organizational security posture.

Filigran solutions are now trusted by over 6,000 public and private organizations worldwide.

🎯 The Role

We're building a new product from scratch, and we're looking for an engineer to help lay the foundations.

Traditional GRC tools score risk with static checklists and a gut-feel "High / Medium / Low." We think that's broken. OpenGRC turns live threat data into something a CISO can actually act on, and put a dollar figure on. It correlates real-time threats to a company's assets, verifies whether their defenses actually hold, and translates the gaps that remain into money. You'll work in a small squad to define the architecture and ship the product, and your hardest problems will be:

• Correlation: linking real-time CTI feeds to a company's internal assets and security controls.
• Verification: folding in real exposure results to tell proven defenses apart from assumed ones.
• Quantification: calculating financial risk on the fly as the threat landscape shifts.

💼 What You’ll Build

• Build the OpenGRC engines. Correlation links threats to assets, verification leans on OpenAEV to test whether controls actually stand, and quantification turns the proven exposure into money.
• Own the stack end to end. A clean, scalable single-page app that runs both as SaaS and on-prem, with React + TypeScript on the front, Node.js on the back, and PostgreSQL underneath.
• Move fast, then move right. Prototype to test an idea, refactor when the product proves you wrong. The vision will shift with user feedback, and the code should keep up.
• Shape the product, not just the code. As an early hire, your input counts wherever engineering meets product.

🤝 Who You'll Work With

You'll report to OpenGRC's Engineering Manager and sit in a small squad of 3 people that's set to grow. You'll work closely with the VP of Tech, the CTO, and Principal Engineers to align on technical standards and integrate with the wider ecosystem (OpenCTI, OpenAEV, XTMOne).

🧬 Profile We're Looking For

• A full-stack engineer with deep expertise, who carries a feature from data model to UI with type safety throughout. You set the bar for readability, maintainability, and quality, in code as in tests.
• Comfortable modeling dense, unmapped domains: you can take on a dense domain (dozens of objects to model, link, reconcile, and aggregate to feed a real-time risk calculation) without a predefined schema or an existing solution to follow, and you're energized by that.
• Technical leader and mentor: you make other engineers better. You guide the squad toward the right architectural decisions, explain the reasoning clearly, and grow people's autonomy rather than centralizing knowledge.
• Cross-team impact: you own topics end to end, and the problems you take on often reach beyond your immediate scope. You identify technical risks that could affect the whole company down the line, and you address them early.
• Pragmatic and opinionated: you balance craft, speed, and long-term maintainability. You prototype to learn, refactor when the product proves you wrong, and you challenge existing approaches, backing your case with data when you can.
• Product sense: you understand that building a product isn't the same as writing code. You think about the CISO on the other end and shape product direction wherever it meets your work.
• AI: You're curious and willing to adopt AI tools to work smarter and deliver better results.
• Fluent in English and French.

Nice to have

• Background in GRC, cybersecurity, or risk quantification.
• Familiarity with CTI standards like STIX/TAXII or MITRE ATT&CK.
• Active in open-source communities, comfortable reviewing and streamlining community PRs.

🛡️ About OpenGRC

OpenGRC is a new initiative designed to disrupt the Governance, Risk, and Compliance market. Unlike traditional GRC tools that rely on static checklists and subjective "High/Medium/Low" assessments, OpenGRC is built to be proactive, data-driven, and financially quantified.

Our vision is to fuse Cyber Threat Intelligence (CTI) with Risk Management. We enable CISOs to correlate real-time threat feeds (via OpenCTI) with their internal assets, verify defenses automatically (via OpenAEV), and translate technical vulnerabilities into dollars. We are building the bridge between the SOC technical reality and the Boardroom's financial language.

🌱 Why Join Filigran? More than just a job.We’re a fast-growing, global, and fully remote company building open-source cybersecurity solutions, increasingly powered by AI, to help defense teams anticipate threats and act faster.

⭐ What we believe

We believe we do work that matters, uniting defenders into a global community to make security more open, resilient & collaborative.

💻 How we work

We do work that matters by combining strong engineering standards with emerging technologies, including AI, to move faster and smarter.

🧭 What guides us

We make our work matter by building a culture grounded in our CORE values of Cohesion, Openness, Responsibility, and Equity. The principles that guide how we make decisions, treat people, and grow together, especially when no one’s watching.

💰 Compensation & Benefits

• Competitive pay + equity - everyone shares in our success
• Remote-first, flexible, and balanced - work that fits your life
• Your setup, your choice - pick the gear that works for you
• Twice-a-year gatherings - we meet in person for regional and global offsites to connect, collaborate, and strengthen our culture beyond the screen

🌍 Equal Employment Opportunity

We enable cybersecurity through inclusion - from code to culture.

At Filigran, we are proud to be an equal opportunity employer. We believe diversity of our people make our products and our team stronger. We welcome talent of every background, identity, and lived experience, regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, age, disability, or veteran status.

What matters here is what you bring, not what you look like, where you’re from, or how you identify.

🚀 Ready to Join Us?

Apply now and help us build the future of the cybersecurity ecosystem, together.