🤝 Equity Upside: On equity partnership engagements, senior contributors may be eligible for a small equity allocation alongside their cash compensation — negotiated per engagement.
Now Hiring — Project-Based Roles

Build Something
Meaningful.

We hire top-tier talent for defined project engagements. Clear scope. Clear pay. No ambiguity. Every role comes with a 25% nonrefundable deposit paid before work begins — so you start with skin in the game on both sides.

💳 Staff Payment Structure: You receive one week of pay in advance before each week of work begins — covering clearly defined deliverables for the following week. No ambiguity about scope or timing. Client-side: clients pay a 25% nonrefundable deposit to start, with remaining balance at agreed milestones.

Lead web application, network, and API penetration testing engagements for US-based startup clients. Produce executive-grade reports with CVSS scoring, proof-of-concept demonstrations, and actionable remediation guidance. You'll work alongside our US-based security leadership to deliver world-class assessments. Typical engagement: 2–3 weeks with strong potential for repeat work across our growing client base.

Requirements

  • OSCP, CEH, GPEN, or equivalent certification (required)
  • 3+ years hands-on penetration testing experience
  • Proficiency with Burp Suite, Metasploit, Nmap, Nessus
  • Experience with OWASP Top 10, CVSS scoring, and CVE research
  • Strong written English for executive-level reporting
  • Familiarity with compliance frameworks (SOC2, HIPAA, ISO 27001) a plus

Join project teams building SaaS products, fintech platforms, and internal tools for seed-to-Series B clients. You'll work in 2-week agile sprints under US technical leadership, with clear deliverables per milestone. Projects range from 4–16 weeks. Our clients are building in regulated industries — so you'll be expected to write clean, secure, well-documented code.

Requirements

  • 3+ years production experience with React and TypeScript
  • Strong Node.js / Express backend skills
  • Cloud deployment experience (AWS preferred: EC2, RDS, S3, Lambda)
  • Familiarity with secure coding practices and OWASP guidelines
  • Experience with REST and GraphQL API design
  • PostgreSQL or equivalent relational database proficiency
  • Bonus: Docker, Kubernetes, CI/CD pipelines

Design and implement security-hardened CI/CD pipelines, container security postures, and cloud compliance frameworks for clients targeting SOC2 or HIPAA certification. You'll assess existing infrastructure, recommend hardening measures, and implement controls in collaboration with client engineering teams. Typical engagement: 3–6 weeks.

Requirements

  • Proficiency with Terraform or Pulumi for infrastructure-as-code
  • Hands-on experience with GitHub Actions, GitLab CI, or Jenkins
  • AWS Security Hub, GuardDuty, IAM, and VPC security experience
  • Docker and Kubernetes security hardening
  • SAST/DAST tooling (Snyk, SonarQube, OWASP ZAP)
  • Secrets management (HashiCorp Vault, AWS Secrets Manager)
  • SOC2 or HIPAA compliance experience a strong plus

Build LLM integrations, RAG pipelines, and ML-powered features for client products. Our clients are building AI into high-stakes domains — payments, healthcare, compliance — so reliability and security matter as much as capability. Projects are well-scoped before engagement begins. You'll work alongside our technical lead and have full context on the product roadmap.

Requirements

  • Strong Python — NumPy, Pandas, FastAPI / Flask
  • OpenAI, Anthropic, or equivalent LLM API experience
  • RAG pipeline experience (LangChain, LlamaIndex, or custom)
  • Vector database experience (Pinecone, Weaviate, Chroma)
  • ML model deployment and MLOps practices
  • Experience with fraud detection or anomaly detection models a strong plus
  • Bonus: fine-tuning, RLHF, multimodal models

Build cross-platform iOS/Android apps for startup clients. Projects include full-feature MVP builds and iterative feature sprints. You'll receive detailed specs, design files, and API documentation before starting. All projects are scoped with explicit acceptance criteria — no ambiguous "done" definitions. Typical engagement: 6–12 weeks.

Requirements

  • 3+ years React Native production experience
  • Expo and bare workflow proficiency
  • State management: Redux, Zustand, or equivalent
  • REST and GraphQL API integration
  • App Store and Google Play submission experience
  • Push notifications, deep linking, biometric auth
  • Bonus: Flutter, Swift, or Kotlin native experience

Support penetration testing engagements and perform vulnerability assessments, threat modeling, and compliance gap analyses. Ideal for candidates with 2–4 years of hands-on security experience looking to grow within a structured, US-led team. Great entry point for repeat project work across our expanding client base.

Requirements

  • 2+ years vulnerability assessment or security testing experience
  • Working knowledge of OWASP Top 10 and CVE database
  • Familiarity with Nessus, OpenVAS, Burp Suite Community
  • Basic network security concepts (TCP/IP, firewalls, VPNs)
  • Clear written communication for findings reports
  • Security certifications in progress (CEH, CompTIA Security+) a plus

Coordinate delivery across multi-disciplinary project teams — engineers, security specialists, and client stakeholders. You'll own sprint planning, milestone tracking, risk escalation, and client communications. Must be comfortable working across time zones and translating technical status into clear executive summaries. This is a recurring role; strong performers move across multiple engagements.

Requirements

  • 3+ years project management in a technology context
  • Experience managing agile / scrum engineering teams
  • Proficiency with Jira, Linear, Notion, or equivalent
  • Excellent written and verbal English communication
  • Comfortable with technical concepts (APIs, CI/CD, security testing)
  • PMP, CSM, or equivalent certification a plus

Common Questions

When a project is confirmed and signed, you receive one week of pay upfront before that week's work begins — every week, in advance. Each weekly payment covers a clearly scoped set of deliverables so there is never any ambiguity about what's expected. On the client side, they pay a 25% nonrefundable deposit at project start, with the remainder invoiced at milestones.
You keep all payments received to date. The milestone structure protects you — you're never more than one milestone ahead of payment. If a project is cancelled mid-engagement, you're paid for all completed milestones. The 25% deposit specifically ensures you're never starting at financial risk.
These are project-based engagements, not full-time employment. You may work on other projects simultaneously as long as there's no conflict of interest. Strong performers typically move across multiple Catalyst engagements consecutively, creating a de facto recurring income stream.
Very. We invest heavily in scoping before any engagement begins. You'll receive a statement of work with explicit deliverables, acceptance criteria, timeline, and milestone payment schedule. There are no vague "ongoing support" obligations or scope creep without a formal change order.
Click "Apply Now" on any role above — it opens a pre-filled email to [email protected]. Include a brief note about your relevant experience, a portfolio or GitHub link if applicable, and your availability. We aim to respond within 48 business hours. Strong candidates move to a short technical interview within one week.