How to Apply to Adaptivesecurity

11 min read Last updated April 20, 2026 9 open positions
Blake Crosley
Blake Crosley Researched using publicly available information, hiring data, and ATS analysis.

Key Takeaways

  • Adaptive Security is a Series A, a16z-backed AI-native cybersecurity startup focused on deepfake, voice-clone, and GenAI social engineering defense — not a legacy phishing simulation vendor.
  • The 43 million dollar Series A (April 2025) implies roughly 18 to 24 months of runway. Hiring pace is high, expectations are high, and compensation is equity-heavy.
  • CEO Brian Long is a two-time successful founder (Attentive, TapCommerce). His execution track record is a major asset and also a concentrated dependency — an honest risk to name.
  • The ATS is Ashby at jobs.ashbyhq.com/adaptive. Apply there directly with a clean PDF, a specific cover note, and real outcomes on the resume.
  • Interviews favor directness, specificity, and real-world problem solving. Generic behavioral scripts and vague outcomes do not land. Founders interview most hires at this stage.
  • The category is crowded (KnowBe4, Proofpoint, Hoxhunt, Abnormal, Doppel, Reality Defender, Pindrop, and others). Adaptive's wedge is AI-native design; the main risk is a legacy incumbent shipping a credible AI-native product faster than expected.
  • Strong signals: ownership, written communication, genuine curiosity about adversaries, comfort with ambiguity, and a realistic understanding of early-stage risk and equity.
  • Offers are negotiable. Ask for equity percentage, 409A valuation, vesting schedule, and acceleration terms — not just total share count — to evaluate the real economics.

About Adaptivesecurity

Adaptive Security is a Bay Area cybersecurity startup building what the company calls an AI-powered social engineering defense platform. Founded in 2023 and headquartered in the San Francisco Bay Area, Adaptive focuses on a specific and fast-growing attack surface: voice-cloning phone calls (vishing), deepfake video conferencing impersonation, SMS smishing, and AI-generated email phishing. Rather than compete directly on the commoditized legacy phishing-simulation turf that KnowBe4 and Proofpoint have dominated for a decade, Adaptive is trying to stake out the AI-native category created by the 2024 Q1 MGM and Caesars voice-phish incidents and the subsequent wave of CEO deepfake fraud cases that have appeared across Fortune 500 breach disclosures. The company announced a $43 million Series A in April 2025 led by Andreessen Horowitz (a16z), with participation from the OpenAI Startup Fund. That round is the single most important fact about working here: it sets the runway, the hiring bar, and the pace. A typical Series A of this size funds roughly 18 to 24 months of operation at aggressive hiring velocity, which means the next year inside the company is a sprint to prove product-market fit with enterprise buyers before a Series B conversation begins. Candidates should assume the environment is high-expectation, high-urgency, and equity-heavy in total compensation. Co-founder and CEO Brian Long is the primary reason the round closed on those terms. Long previously co-founded and ran Attentive (conversational SMS marketing) from zero to roughly 500 million dollars in ARR and a reported 7 billion dollar valuation, and before that founded TapCommerce, which Twitter acquired in 2014. Two successful founder outcomes is a rare profile, and it concentrates a lot of execution credibility in one person. That is both the company's biggest asset and an honest risk to name: early-stage outcomes at Adaptive correlate tightly with Long's ability to repeat in a new category. CTO Andrew Jones leads engineering. The product line centers on simulation plus training plus threat intelligence. The simulation engine, branded AEGIS internally, generates adaptive voice, video, and text attacks tailored to an organization's actual threat model and employee profile. Training is delivered in-flow after a simulated compromise rather than as quarterly compliance video. Threat intelligence tracks emerging AI-attacker tooling — voice-clone marketplaces, deepfake-as-a-service kits, and LLM jailbreak prompts — so customers can simulate what is actually being used against them. Early customers include enterprise pilots and Fortune 500 security teams post-Series A. The competitive picture is crowded. KnowBe4 (Vista-backed, private-equity owned), Proofpoint Security Awareness (ex-Wombat and MediaPro), Hoxhunt, Cofense, Ironscales, NINJIO, Arctic Wolf Training, and ThreatCop all claim some slice of this market. Adjacent AI-native players include Doppel (brand takedowns, also a16z), Reality Defender and Pindrop (deepfake and voice detection), Abnormal Security (inbound email behavior), and Truepic (image provenance). Adaptive's bet is that legacy vendors are too slow to re-architect around GenAI attacks and that regulatory pressure from SEC cyber disclosure, CISA AI attack guidance, and EU NIS2 will drive enterprise buying decisions in the category over the next 36 months. If that bet is wrong, or if a legacy vendor ships a credible AI-native product, the thesis compresses quickly. This is a normal early-stage risk — name it honestly as you evaluate the offer.

Application Process

  1. 1
    Adaptive Security uses Ashby as the applicant tracking system

    Adaptive Security uses Ashby as the applicant tracking system. The public job board lives at jobs.ashbyhq.com/adaptive and lists every open role. Apply there rather than on third-party job aggregators so your application lands directly in the hiring pipeline without recruiter attribution noise.

  2. 2
    Submit a focused resume (ideally one page for under ten years of experience, two

    Submit a focused resume (ideally one page for under ten years of experience, two pages maximum) tailored to the specific job posting. Ashby parses cleanly from PDF, so you do not need an ATS-gaming keyword dump. Human screeners read every resume at a company this small.

  3. 3
    A short cover note inside the Ashby application is worth writing

    A short cover note inside the Ashby application is worth writing. Three to five sentences that explain why you care about AI-enabled social engineering defense specifically — not generic cybersecurity interest — will move you ahead of boilerplate applicants. Mention a deepfake or voice-clone incident you followed if it is honest.

  4. 4
    The recruiter screen is typically 20 to 30 minutes with a talent partner or the

    The recruiter screen is typically 20 to 30 minutes with a talent partner or the hiring manager directly. Expect questions about your motivation for early-stage work, your comfort with ambiguity, and a light technical or domain screen. Be ready to articulate a point of view on why AI-attacker tooling changes the security awareness category.

  5. 5
    Technical roles (engineering, ML, research) usually include a take-home or live

    Technical roles (engineering, ML, research) usually include a take-home or live coding exercise, followed by a systems design or ML design round. Security-focused roles may involve a threat-modeling or attack-simulation design discussion. GTM roles (sales, customer success, marketing) involve a scenario or mock pitch round tailored to a security buyer persona.

  6. 6
    Expect to meet Brian Long (CEO) or Andrew Jones (CTO) at some stage in the proce

    Expect to meet Brian Long (CEO) or Andrew Jones (CTO) at some stage in the process. At a company this size, founders interview every hire. Prepare thoughtful questions about the 18-to-24-month roadmap, target ICP, and how the company plans to defend against legacy incumbents re-platforming on GenAI.

  7. 7
    A values or culture conversation is common

    A values or culture conversation is common. Adaptive-style startups screen hard for judgment, urgency, and what is often called low-ego high-bar behavior. Concrete stories about disagreement, recovery from failure, and peer feedback tend to outperform rehearsed answers.

  8. 8
    References are usually checked before an offer

    References are usually checked before an offer. Line up two or three managers or peers who can speak to specific outcomes you drove, not generic testimonials. Former colleagues who can describe how you behaved in ambiguity are most valuable.

  9. 9
    Offers are typically extended verbally first, then in writing via Ashby or DocuS

    Offers are typically extended verbally first, then in writing via Ashby or DocuSign. Negotiation is expected and does not hurt your standing. Ask for the equity percentage (not just share count), the 409A valuation, the vesting schedule, and any acceleration provisions. Series A equity is meaningful only if you understand dilution through Series B and C.

  10. 10
    Timeline from application to offer is typically two to four weeks when the proce

    Timeline from application to offer is typically two to four weeks when the process moves cleanly. Delays of a week or two between rounds are normal at a company hiring across many roles at once and are not usually a negative signal.

Resume Tips for Adaptivesecurity

recommended

Lead with a short professional summary (two or three lines) that names the categ

Lead with a short professional summary (two or three lines) that names the category you work in and the outcome you are known for. Generic summaries get skimmed past at a company reading hundreds of applications per role.

recommended

Quantify impact

Quantify impact. For engineering: latency reduced, throughput improved, incident count reduced, cost per query cut. For GTM: pipeline sourced, ACV closed, retention rate, cycle time. Numbers tell the Adaptive team you think in outcomes, not activity.

recommended

If you have cybersecurity, fraud, trust and safety, threat intelligence, or secu

If you have cybersecurity, fraud, trust and safety, threat intelligence, or security awareness experience, surface it in the top third of the resume. Even adjacent experience (abuse tooling, account takeover defense, anti-phishing at a large consumer platform) maps directly to what Adaptive does.

recommended

For ML and AI engineering roles, call out concrete work with LLMs, voice synthes

For ML and AI engineering roles, call out concrete work with LLMs, voice synthesis, speech models, or generative systems. Adaptive is hiring people who can reason about both sides of the attacker-defender loop in GenAI.

recommended

Name specific technologies

Name specific technologies. For backend roles this usually means Python, TypeScript, Go, AWS or GCP, Postgres, Kafka or similar. For ML: PyTorch, transformers, vector stores, LangChain or equivalent orchestration, evaluation frameworks. Vague tech lists read as inexperience.

recommended

Call out any experience with Ashby, Greenhouse-style structured interview proces

Call out any experience with Ashby, Greenhouse-style structured interview processes, or running hiring loops — if the role is recruiting, ops, or people focused. Tools matter at small companies.

recommended

Remove filler

Remove filler. Cut objective statements, high school entries, unrelated part-time work over a decade old, and soft-skill claims without evidence. One clean page of real outcomes beats two pages of buzzwords.

recommended

Link to concrete artifacts — GitHub, Scholar, a personal site, a conference talk

Link to concrete artifacts — GitHub, Scholar, a personal site, a conference talk, a publication, a security advisory you authored. Adaptive hiring managers click through. An empty GitHub for an engineering role is a negative signal unless explained.

recommended

Avoid overclaiming on deepfake or AI-security expertise if you do not have it

Avoid overclaiming on deepfake or AI-security expertise if you do not have it. The hiring team will probe. It is much better to say you are motivated to learn the category than to inflate past work.

recommended

Save and upload as a PDF with a sensible filename (Firstname_Lastname_Resume

Save and upload as a PDF with a sensible filename (Firstname_Lastname_Resume.pdf). Ashby parses it correctly. Do not send a Google Docs link without a PDF backup.

ATS System: Ashby

Adaptive Security uses Ashby as its applicant tracking system at jobs.ashbyhq.com/adaptive. Ashby is a modern, founder-friendly ATS popular with Series A and Series B startups funded by tier-one investors. It parses PDF resumes cleanly, supports structured interview scorecards, and is less forgiving of keyword-stuffing tricks than older enterprise systems because Ashby-using companies tend to have humans reading every application.

  • Apply at the canonical board: jobs.ashbyhq.com/adaptive. Avoid third-party listings that may route through a recruiter attribution layer you do not need.
  • Upload a PDF resume — Ashby parses PDF reliably. Word documents and Google Docs links are accepted but add friction.
  • Fill in the optional cover letter or free-text field. Ashby surfaces it prominently to reviewers. Three to five specific sentences outperform a long generic letter.
  • Ashby supports profile logins so you can track application status. Create an account rather than applying anonymously — you will see interview scheduling and status updates in one place.
  • Do not spam-apply to multiple unrelated roles. Ashby shows hiring managers your full application history at the company. Two well-matched applications beat six scattered ones.
  • Referrals work. If you know someone at Adaptive, ask them to submit you through Ashby's referral flow. Referral resumes typically get a guaranteed first-pass human review.
  • Keep formatting simple. No multi-column layouts, no embedded images, no unusual fonts. Ashby handles standard layouts well; exotic ones occasionally break parsing.
  • After applying, you will usually hear back within five to ten business days when the role is active. Silence beyond two weeks usually means the role moved forward with other candidates — a follow-up note is acceptable but rarely changes the outcome.

Interview Culture

Interviews at Adaptive Security carry the tone of a founder-led, execution-first startup.

Expect directness, a real time budget (interviewers will not waste your time and expect the same from you), and a high bar for specificity. Generic answers, vague outcomes, and rehearsed behavioral scripts do not land well. Concrete stories with names, numbers, and honest acknowledgment of what went wrong land very well. The hiring bar reflects Brian Long's Attentive playbook: hire people who can operate several levels above their stated role, close loops without hand-holding, and give and receive direct feedback. Long is known from his Attentive days for strong written-culture habits — assume interviewers will ask you to articulate positions in writing or on the spot with structure. Low-ego, high-bar is not a slogan here; interviewers will probe how you behave when you are wrong and how quickly you change your mind when the evidence shifts. Technical rounds tend to favor real-world problems over algorithmic puzzles. For engineering, expect a systems design problem anchored in the actual product surface area — designing a voice-simulation pipeline, an adversarial prompt-generation system, or a multi-tenant detection engine. For ML and research, expect depth probes on evaluation methodology, data contamination, and how you would measure whether a deepfake detector is actually working versus overfitting to a test set. GTM rounds are scenario-driven. Expect role-play with a security-buyer persona (CISO, security awareness director, IT director at a mid-market company) and judgment questions about how you would handle a commoditized-category objection like "we already have KnowBe4." Interviewers want to see that you can hold a crisp point of view without being defensive. Culture-fit conversations focus on urgency, ownership, and resilience. Early-stage startup work is not for everyone, and Adaptive is honest about that. If the interview feels intense, that is intentional — the company is selecting for people who will still be producing their best work eighteen months into a 24-month runway sprint.

What Adaptivesecurity Looks For

  • Founders and operators who have shipped something real. Ownership and outcome orientation matter more than pedigree. A strong side project or open-source contribution can outweigh a brand-name employer.
  • Urgency without panic. Adaptive is building in a fast-moving category where a six-month delay can mean losing the AI-native positioning to an incumbent. People who naturally move with speed while keeping quality high stand out.
  • Directness and low ego. The team values people who say the hard thing clearly, change their mind when evidence demands it, and do not confuse confidence with being right.
  • Genuine interest in the adversary. Whether you are in engineering, GTM, or operations, being curious about how attackers actually work — how voice cloning is commoditized, how CEO fraud pipelines operate, how LLM jailbreaks emerge — is a strong positive signal.
  • Comfort with ambiguity. Series A companies ship without perfect requirements, pivot on evidence, and rewrite plans quarterly. Candidates who need fully defined problem statements tend not to thrive here.
  • Written communication. Expect to write memos, threat models, customer one-pagers, or technical design docs in the interview or in your first week. Clear writing is a load-bearing skill at Adaptive, not a nice-to-have.
  • Evidence of accelerating growth. Interviewers look for candidates who visibly learned and scaled in each prior role rather than plateauing. A steep slope beats a tall starting point.
  • Security-aware judgment. Even non-security hires (designers, finance, people ops) are expected to reason about data handling, customer confidentiality, and operational discipline — this is a cybersecurity company selling into security-sensitive buyers.
  • Calibration on risk and reward. Candidates who understand Series A equity realistically (dilution, strike prices, exit timelines), ask good questions, and do not over-index on cash base salary are a stronger cultural match.
  • Long-term conviction about the AI-attacker thesis. Nobody needs to parrot a company line, but interviewers look for people who have thought independently about where AI-enabled social engineering is going over the next three to five years.

Frequently Asked Questions

Is Adaptive Security a good place to work?
It is a strong fit for people who want early-stage intensity at a well-funded Series A with credible founders and a timely thesis. It is a poor fit for people who want stable scope, predictable hours, or heavy process. Total compensation skews equity, which is meaningful only if the company reaches a successful exit — a real but uncertain outcome at this stage.
How much funding has Adaptive Security raised?
Adaptive Security announced a 43 million dollar Series A in April 2025, led by Andreessen Horowitz (a16z), with participation from the OpenAI Startup Fund. Earlier seed funding is not publicly detailed in the same announcements.
Who founded Adaptive Security?
Co-founder and CEO Brian Long, previously co-founder and CEO of Attentive (scaled to roughly 500 million dollars in ARR and a 7 billion dollar valuation) and before that founder and CEO of TapCommerce (acquired by Twitter in 2014). CTO is Andrew Jones.
What does Adaptive Security actually do?
The company builds an AI-powered social engineering simulation and training platform. It simulates voice-clone phishing (vishing), deepfake video impersonation, smishing, and AI-generated email phishing against employees, then delivers in-flow training and threat intelligence on emerging attacker tooling. The simulation engine is branded AEGIS internally.
How is Adaptive different from KnowBe4 or Proofpoint?
KnowBe4 and Proofpoint lead the legacy security awareness category, which has historically been commoditized around template-based email phishing simulation. Adaptive is betting the GenAI attack wave (voice clones, deepfake video, LLM-written lures) requires a re-architected product rather than a feature added to a legacy platform. Whether that bet wins or whether an incumbent catches up quickly is the open strategic question.
What ATS does Adaptive Security use?
Ashby. The public job board is jobs.ashbyhq.com/adaptive. Apply directly there rather than through aggregators for a cleaner process.
Is Adaptive Security remote-friendly?
The company is headquartered in the San Francisco Bay Area and hires across both in-person and remote US and Canada roles, varying by function. Check each Ashby posting for location requirements, as engineering, GTM, and operations roles have different policies.
How long does the interview process take?
Typically two to four weeks from application to offer when the process moves cleanly. A week or two of gap between rounds is normal at a company hiring across many roles simultaneously and is not usually a negative signal.
Should I expect to meet the founders?
Yes, in most processes. At roughly 20 to 50 people, founders interview every or nearly every hire. Prepare substantive questions about the 18-to-24-month roadmap, target ICP, competitive positioning, and hiring plan.
What is the compensation mix like?
Early-stage, equity-heavy. Base salaries are competitive for the Bay Area but not at public-company or late-stage levels. Equity is where the upside lives and also where the risk lives. Ask for equity percentage, 409A valuation, and vesting terms, not just share count, to evaluate the real economics.
What is the biggest risk of joining at this stage?
Three honest risks: (1) Series A runway is typically 18 to 24 months, so outcomes compress if product-market fit with enterprise buyers does not solidify on that timeline; (2) the AI security awareness category is crowded, and a legacy incumbent shipping a credible AI-native product would compress Adaptive's moat; (3) early-stage outcomes correlate tightly with Brian Long's repeat execution, which is a strong bet but still a concentrated one.
What backgrounds does Adaptive typically hire?
For engineering and ML: builders with shipped production experience in LLMs, voice or speech systems, security tooling, or abuse and fraud platforms. For GTM: security-sales veterans who have closed CISO and IT-director buyers, security-awareness-adjacent marketers, and customer success operators from cybersecurity SaaS. For operations and people: small-company generalists who can scale a function from first principles.
How should I prepare for the interview?
Read recent coverage of CEO deepfake fraud and voice-clone incidents (the 2024 MGM and Caesars cases are touchstones), understand the competitive landscape at a high level, and develop a point of view on why AI-attacker tooling changes the security awareness category. Bring concrete stories with numbers, and prepare two or three substantive questions about strategy and execution.

Open Positions

Adaptivesecurity currently has 9 open positions.

Check Your Resume Before Applying → View 9 open positions at Adaptivesecurity

Related Resources

Similar Companies

Sources

  1. Adaptive Security announces $43M Series A led by Andreessen Horowitz
  2. a16z portfolio: Adaptive Security investment thesis
  3. OpenAI Startup Fund portfolio
  4. Adaptive Security careers (Ashby job board)
  5. Brian Long LinkedIn profile (Attentive, TapCommerce, Adaptive)
  6. Attentive Series E: company reaches $7B valuation
  7. FBI IC3 report on AI-enabled social engineering and deepfake fraud
  8. CISA guidance on AI-enabled cyber threats
  9. SEC cybersecurity disclosure rule (final 2023)
  10. EU NIS2 directive overview
  11. MGM Resorts 2023 cyberattack (vishing vector reporting)
  12. Ashby ATS product overview