Senior Software Engineer - OpenGRC
Requirements
- Background in GRC, cybersecurity, or risk quantification.
- Familiarity with CTI standards like STIX/TAXII or MITRE ATT&CK.
- Active in open-source communities, comfortable reviewing and streamlining community PRs.
- About OpenGRC
- OpenGRC is a new initiative designed to disrupt the Governance, Risk, and Compliance market. Unlike traditional GRC tools that rely on static checklists and subjective "High/Medium/Low" assessments, OpenGRC is built to be proactive, data-driven, and financially quantified.
- Why Join Filigran? More than just a job.
- We're a fast-growing, global, and fully remote company building open-source cybersecurity solutions, increasingly powered by AI, to help defense teams anticipate threats and act faster.
- What we believe
- We believe we do work that matters, uniting defenders into a global c
Benefits
Additional Information
The Company
Filigran, founded in October 2022, stands out in the cybertech ecosystem for its commitment to revolutionizing cyber threat management with a proactive approach. Its mission is to develop innovative open-source solutions designed to anticipate cyber threats, identify security gaps, and strengthen organizational security posture. Filigran solutions are now trusted by over 6,000 public and private organizations worldwide.

The Role
We're building a new product from scratch, and we're looking for an engineer to help lay the foundations. Traditional GRC tools score risk with static checklists and a gut-feel "High / Medium / Low." We think that's broken. OpenGRC turns live threat data into something a CISO can actually act on, and put a dollar figure on. It correlates real-time threats to a company's assets, verifies whether their defenses actually hold, and translates the gaps that remain into money. You'll work in a small squad to define the architecture and ship the product, and your hardest problems will be:
- Correlation: linking real-time CTI feeds to a company's internal assets and security controls.
- Verification: folding in real exposure results to tell proven defenses apart from assumed ones.
- Quantification: calculating financial risk on the fly as the threat landscape shifts.

What You'll Build
- Build the OpenGRC engines. Correlation links threats to assets, verification leans on OpenAEV to test whether controls actually stand, and quantification turns the proven exposure into money.
- Own the stack end to end. A clean, scalable single-page app that runs both as SaaS and on-prem, with React + TypeScript on the front, Node.js on the back, and PostgreSQL underneath.
- Move fast, then move right. Prototype to test an idea, refactor when the product proves you wrong. The vision will shift with user feedback, and the code should keep up.
- Shape the product, not just the code. As an early hire, your input counts wherever engineering meets product.

Who You'll Work With
You'll report to OpenGRC's Engineering Manager and sit in a small squad of 3 people that's set to grow. You'll work closely with the VP of Tech, the CTO, and Principal Engineers to align on technical standards and integrate with the wider ecosystem (OpenCTI, OpenAEV, XTMOne).

Profile We're Looking For
- A full-stack engineer with deep expertise, who carries a feature from data model to UI with type safety throughout. You set the bar for readability, maintainability, and quality, in code as in tests.
- Comfortable modeling dense, unmapped domains: you can take on a dense domain (dozens of objects to model, link, reconcile, and aggregate to feed a real-time risk calculation) without a predefined schema or an existing solution to follow, and you're energized by that.
- Technical leader and mentor: you make other engineers better. You guide the squad toward the right architectural decisions, explain the reasoning clearly, and grow people's autonomy rather than centralizing knowledge.
- Cross-team impact: you own topics end to end, and the problems you take on often reach beyond your immediate scope. You identify technical risks that could affect the whole company down the line, and you address them early.
- Pragmatic and opinionated: you balance craft, speed, and long-term maintainability. You prototype to learn, refactor when the product proves you wrong, and you challenge existing approaches, backing your case with data when you can.
- Product sense: you understand that building a product isn't the same as writing code. You think about the CISO on the other end and shape product direction wherever it meets your work.
- AI: You're curious and willing to adopt AI tools to work smarter and deliver better results.
- Fluent in English and French.