US-focused software security hiring

Specialist AppSec and DevSecOps search for teams that need signal, not noise.

I’m Peter Farrelly. I run Boundary Search, a specialist recruitment practice focused on Application Security, DevSecOps, Product Security, and Cloud Security. I help engineering-led companies hire practitioners and leaders who understand code, pipelines, platforms, and how security actually gets embedded.

2 to 4 weeks: typical shortlist delivery
US market: primary hiring focus
Founder-led: direct execution on every search

Typical mandates: AppSec Engineer, Product Security Engineer, DevSecOps Engineer, Cloud Security Engineer, AppSec Lead, and Security Engineering leadership.

Focused, high-signal search

Need a sharper security hiring partner?

I work directly with founders, CTOs, CISOs, and security leaders to scope the role properly, calibrate the market, and build shortlists that make technical sense.

London based, supporting US teams
Monday to Friday, 9:00 AM to 6:00 PM

I work with: Series A to C startups, scaleups, and established engineering-led organisations building or maturing software security capability.

Why Boundary Search

Depth over breadth, with direct founder-led execution.

Boundary Search is built around specialist software security hiring. I work directly with clients across retained and contingent mandates, focusing on the technical security practitioners and leaders who sit closest to the codebase, build pipeline, cloud platform, and release process.

  • AppSec fluency across threat modelling, secure code review, SSDLC, vulnerability triage, and developer-facing security programmes.
  • DevSecOps understanding spanning CI/CD security controls, SAST, DAST, SCA, secrets detection, IaC scanning, container security, and policy-as-code.
  • Direct execution from search brief to shortlist, with honest market feedback and a process designed to reduce wasted cycles.

What clients usually need help with

Most software security searches fail because the brief is vague, the calibration is off, or the recruiter cannot separate real engineering depth from surface-level keyword matching.

I work with teams that want a recruiter who understands the difference between product security and compliance, between security engineering and security operations, and between someone who has used the tooling and someone who has changed engineering behaviour at scale.

The result is a sharper brief, cleaner outreach, and shortlists that stand up to scrutiny from security leaders, CTOs, and hiring managers.

Core specialisms

Where I add the most value

Targeted search across the software security lifecycle and the teams responsible for building it.

Application Security

AppSec Engineers, Application Security Architects, secure code reviewers, and senior practitioners focused on threat modelling, remediation, and developer enablement.

DevSecOps

Platform-aligned security hires who can embed controls into CI/CD, automate testing, harden pipelines, and improve security telemetry across release workflows.

Product Security

Security engineers and leaders who can partner with engineering and product teams to reduce application risk without slowing delivery.

Cloud & Platform Security

Security engineers working across AWS, Azure, GCP, Kubernetes, containers, identity, secrets management, and infrastructure-as-code.

Security Engineering Leadership

Heads of AppSec, Product Security leaders, security engineering managers, and technical leaders building mature secure development programmes.

Adjacent Specialist Roles

Closely related hires including offensive security practitioners with code fluency, software-focused detection engineers, and security architects embedded in delivery teams.

Search process

How I run a search

Focused, high-signal delivery for technical security roles that are hard to fill properly.

01. Calibrate the brief properly

I map the real shape of the role, including ownership, technical depth, team fit, stakeholder profile, and what good looks like in the market.

02. Target signal, not surface keywords

I look for evidence in architecture work, SSDLC ownership, pipeline security, developer coaching, and secure-by-design decision-making.

03. Stay tight through delivery

You work directly with me throughout, so feedback loops stay fast, calibration stays honest, and the shortlist stays aligned.

Illustrative outcome

Case study

A recent mandate showing how I approach specialist AppSec hiring.

Application Security Lead, confidential SaaS company

Context

Series B SaaS company with roughly 120 engineers and no formal AppSec function. Needed a first senior hire to build capability and embed secure development practices.

Challenge

The brief needed a hybrid profile: hands-on AppSec depth, strong developer credibility, and the ability to influence engineering without slowing delivery.

Approach

Targeted market mapping across security-led and high-growth engineering environments, with heavy calibration on SSDLC ownership, tooling depth, and developer enablement.

Outcome

Shortlist of 4 high-signal candidates in 3 weeks, completed hire in 5 weeks, and a placement now leading AppSec strategy and secure coding adoption.

Get in touch

Contact

If you are hiring in Application Security, DevSecOps, Product Security, or a related software security niche, send over the brief and I will come back within 24 hours with an honest view of the market and how I would run the search.

No spray-and-pray recruiting. Boundary Search is designed for specialist mandates where technical context matters and shortlist quality is the priority.

Location

London, United Kingdom

Supporting hiring mandates across the United States

Availability

Monday to Friday

9:00 AM to 6:00 PM

Search scoping calls by appointment
