Senior Software Engineer (Product-minded) - OpenGRC

Filigran, founded in October 2022, stands out in the cybertech ecosystem for its commitment to revolutionizing cyber threat management with a proactive approach. Its mission is to develop innovative open-source solutions designed to anticipate cyber threats, identify security gaps, and strengthen organizational security posture.

Filigran solutions are now trusted by over 6,000 public and private organizations worldwide.

We're looking for a Senior Software Engineer to join our new OpenGRC team and help us bootstrap a brand new product from scratch.

You'll work closely with the Engineering Manager and a small, agile squad to define the technical architecture and build the MVP of our Governance, Risk, and Compliance solution that will turns abstract threat data into verified, quantified action plans.

This is a high-impact role where you will balance rapid iteration with code quality to lay the foundation for a scalable Open Source product. You will not just act as an implementer, but as a key contributor to the product vision, helping us solve complex challenges like real-time risk quantification algorithms and automated threat-to-asset correlation as well as all the associated UI representation.

• Full Stack Architecture: Build a clean, scalable Single Page App (SPA) deployable both as SaaS and On-Premise, using React, TypeScript, and Node.js. You will design complex data visualizations (risk heatmaps, financial impact timelines) and performant backend services.

• Core Engine Development: Design and implement the core engines that make OpenGRC unique:

  • Correlation Engine: Link CTI feeds (STIX objects) to internal Assets and Controls.

  • Quantification Engine: Implement algorithms to calculate financial risk dynamically based on changing threat landscapes.

• Architectural Evolution: Refine the software architecture to handle heavy data ingestion and cross-platform integrations (OpenCTI, OpenAEV, CMDBs).

• Product Engineering: As we are in the early POC phase, you will actively contribute to product definition. You will help define how we model "Threat Contexts," "Risk Scenarios," and "What-If" simulations and more.

• Rapid Prototyping: Iterate fast to test concepts (e.g., a "Risk Spike" alert system), being comfortable with refactoring or deleting code as the product vision evolves based on user feedback.

• Community Management: Engage with the Open Source community (GitHub, Slack), answering user questions and integrating feedback into the product.

• Team Structuring: Participate in the creation of development processes and team culture as one of the first hires in this new squad.

• Direct report: You will report to the Engineering Manager of OpenGRC.

• Team: You will form the initial squad with the Engineering Manager, with plans for the team to grow fast.

• Collaboration: You will collaborate with the VP of Tech, CTO, and other Principal Engineers to align on technical standards and integration strategies with the wider ecosystem (OpenCTI / OpenAEV).

• Senior experience in Full Stack development, with strong proficiency in React, TypeScript, and Node.js. You will be responsible to architect a data-intensive, event-driven platform. You will bridge a distributed SQL backend handling massive scale with a high-quality React UI, driving features from technical design to final implementation with end-to-end type safety.

• Architectural Mindset: You have the ability to think critically about software architecture, especially regarding data modeling (Entities, Relationships) and complex business logic.

• Ownership & Agility: You have experience launching projects and are comfortable navigating uncertainty. You understand that we are building a product, not just writing code.

• Full Stack mastery: You are equally comfortable working on UI/UX implementation (taking a feature from conceptual design to a polished React interface) and backend logic (API design, query optimization, permission models).

• Communication: Fluent in English and French .

• Bonus Points:

  • Previous experience in the GRC (Governance, Risk, Compliance) or Cybersecurity sectors.

  • Familiarity with Cyber Threat Intelligence (CTI) standards like STIX/TAXII or the MITRE ATT&CK framework.

  • Interest in quantitative risk methodologies (e.g., FAIR model).

  • Experience contributing to or maintaining Open Source projects.

  • While our core stack is JS/TS, Python skills are highly valued for data processing scripts, integrations, and tooling.

OpenGRC is a new initiative designed to disrupt the Governance, Risk, and Compliance market. Unlike traditional GRC tools that rely on static checklists and subjective "High/Medium/Low" assessments, OpenGRC is built to be proactive, data-driven, and financially quantified.

Our vision is to fuse Cyber Threat Intelligence (CTI) with Risk Management. We enable CISOs to correlate real-time threat feeds (via OpenCTI) with their internal assets, verify defenses automatically (via OpenAEV), and translate technical vulnerabilities into dollars. We are building the bridge between the SOC technical reality and the Boardroom's financial language.

We’re a fast-growing, global, and fully remote company on a mission to empower defense teams to be proactive — through open-source solutions that uncover threats and drive action.

• ⭐ What we believe

  We believe we do work that matters — uniting defenders into a global community to make security more open, resilient & collaborative.

• 💻 How we work

  That belief fuels how we work — with focus, clarity and high standards. Always with care and respect, never with ego.

• 🧭 What guides us

  That focus and care is grounded in our CORE values: Cohesion, Openness, Responsibility, and Equity — the compass that guides our decisions, collaborations, and growth, even when no one’s watching.

• Competitive pay + equity — everyone shares in our success

• Remote-first, flexible, and balanced — work that fits your life

• Your setup, your choice — pick the gear that works for you

We enable cybersecurity through inclusion — from code to culture.

At Filigran, we are proud to be an equal opportunity employer. We believe diversity of our people make our products and our team stronger. We welcome talent of every background, identity, and lived experience — regardless of race, color, religion, gender, gender identity or expression, sexual orientation, national origin, age, disability, or veteran status.

What matters here is what you bring — not what you look like, where you’re from, or how you identify.

Apply now and help us build the future of the cybersecurity ecosystem — together.