CISO

Socket helps devs and security teams ship faster by cutting out security busywork. Thousands of orgs use Socket to safely find, audit, and manage open source code. Our customers — from Anthropic to xAI, and Figma to Vercel — love Socket (just check out their tweets to see for yourself!)

Founded by Feross Aboukhadijeh, a long-time open source maintainer with software downloaded over a billion times a month, Socket has raised $65M in funding from top angels, operators, and security leaders.

We’re looking for our very first CISO who blends deep security expertise with empathy for developers. As Socket’s technical authority and public face, you’ll bridge the gap between enterprise security needs and developer experience. Your job: help organizations adopt Socket by showing how security can be built into the developer workflow—without friction.

• Be the Technical Authority: Become the go-to expert on Socket’s platform. You’ll help design and communicate solutions that make both security teams and developers successful.

• Close Enterprise Deals: Lead key meetings with CISOs, CTOs, and engineering leaders. Show how Socket protects the software supply chain while staying out of the developer’s way.

• Travel and Speak: Speak at top-tier security and developer conferences like RSA, Black Hat, DEFCON, BSides meetups, and JSConf. Expect to travel 2–3 times per month.

• Own the Technical Narrative: Create clear, practical content—docs, integration guides, whitepapers, and developer-friendly explainers that spread fast.

• Bridge Security and Engineering: Understand the needs of both security and engineering teams, and help us build a product that satisfies both.

• Build Strategic Alliances: Partner with developer and security ecosystem leaders—GitHub, GCP, AWS, and others—to expand Socket’s reach and influence.

• Shape the Brand: Position Socket as the go-to platform for developer-first supply chain security through writing, speaking, and building trust in the industry.

• 10+ years leading and scaling a security organization at large technology companies.

• Previous experience in a high-profile CISO role.

• Deep expertise in application security.

• Technical credibility with both security leaders and software engineers.

• Strong communication skills across written, verbal, and presentation formats.

• Proven ability to lead enterprise deals through technical influence.

• A track record of writing public-facing content—blogs, social media, or technical publications.

• Demonstrated ability to attract and retain an audience that listens to your perspective.

• Experience growing and engaging security and/or developer communities.

• Strategic mindset—can connect technical decisions to business outcomes.

• Willingness to travel frequently and work across time zones.

• Proven experience with software supply chain security.

• Recognized expertise in application security (certifications or real-world leadership).

• Open source leadership or meaningful contributions to security-related projects.

• Conference speaking experience at major developer or security events.

As we know how important clarity is when looking for a new role, we've put together a read-me about the Interview Process at Socket, should you be invited for an interview.

1. Pursue Excellence: We set ourselves apart by consistently delivering work of exceptional quality and distinction.

2. Move with urgency and focus: We prioritize swift, decisive action.

3. Think rigorously: We care about being right and it often takes reasoning from first principles to get there. We value alternative perspectives and have constructive discussions.

4. Trust and amplify: We overtrust, always assume good intent, and give specific feedback to help each other improve.

5. Feel a strong sense of ownership: We wear many hats and feel a strong sense of overall ownership of the company and we're non-territorial regarding our nominal domains.

6. Are customer obsessed: We relentlessly prioritize the needs of our customers, striving to exceed their expectations and delight them at every interaction.