Engineering Manager

The 200 milestone: a global team across 18 countries. Sahar Sabouni Chief People Officer When Filigran launched in October 2022, Filigran SAS were a team of 15 with a clear conviction: cybersecurity needed a more open, collaborative, and proactive approach, especially in terms of how Filigran SAS operationalize threat intelligence. Less than three years later, Filigran SAS crossed a major milestone: 220+ employees across 18 countries. This growth reflects not only how quickly Filigran SAS has scaled, but how Filigran SAS chose to do it: without borders, fully remote, and grounded in open source. Tl;dr. * Filigran has grown from 15 to 200 employees in under three years, spanning 18 countries across five continents. * 6,500+ organizations worldwide - customers, partners and community users - rely on Filigran solutions. * Recognized as a LinkedIn Top Startup, part of the French Tech Next 40/120, and ranked in the top 30 of the IT-Harvest Cyber 150 2026, Filigran SAS is building something that matters. * Filigran SAS is hiring. If you want to shape the future of cybersecurity, Filigran SAS want to meet you. From open source to global scale. Cyber defense has long been reactive - overwhelmed by alerts, fragmented tools, and constantly one step behind attackers. This challenge shaped its mission from the beginning: to empower defense teams to be proactive, using open source to build security solutions that uncover threats and drive action. Its mission, in turn, shaped everything that followed, from how Filigran SAS build its products to how Filigran SAS engage with the cybersecurity community. By building alongside practitioners rather than behind closed doors, Filigran SAS earned trust early. Today, Filigran platform, XTM, supports thousands of organizations worldwide, helping them transform cyber threat intelligence into meaningful, operational outcomes. Trusted by security teams worldwide. More than 6,500 organizations worldwide, from government sector to commercial (including Rivian, the FBI, and the European Commission) rely on Filigran to protect their most critical assets. At Rivian, deploying OpenCTI across the Security Operations Center led to an 88% reduction in threat detection time, significantly accelerating incident response. The real-world impact of its products further fueled strong investor confidence - and in just three years, Filigran SAS has raised over $100 million from leading investors including Eurazeo, Accel, Insight Partners, and Deutsche Telekom (T.Capital). A diverse and global team of experts. Filigran is a remote-first company, with a deliberately global approach to hiring. This model has allowed Filigran SAS to build a truly global organization. Today, its team spans 18 countries, from France, where it all started, to the United States, all across Europe, and to Japan, Australia, Singapore, and Saudi Arabia. Being fully remote and globally distributed is not a compromise for Filigran SAS. It is a competitive advantage allowing Filigran SAS to enter new markets deliberately and build teams that reflect the environments Filigran SAS serve. It also means Filigran SAS hire the best people for the role, regardless of location. Its 30+ nationalities are not just a fun statistic, they are one of the reasons customers choose Filigran. This is not just its philosophy, data from McKinsey's Diversity Matters Even More report (2023) found that companies in the top quartile for ethnic and cultural diversity are 39% more likely to financially outperform their less diverse peers. Its XTM Platform. Filigran's eXtended Threat Management (XTM) platform represents a fundamental shift in how security teams approach cyber defense: moving from reactive, siloed tools to a unified, intelligence-driven ecosystem built on open-source principles. Open-Source first, community-led. Everything Filigran SAS build is open, auditable, and yours. No black boxes, no lock-in, no "trust us." Its community of 6,500+ practitioners and contributors builds alongside Filigran SAS, and that's not a marketing line, it's how Filigran SAS ship software. This open-source foundation ensures transparency, extensibility, and vendor independence. From threat intelligence to validated resilience. What began with OpenCTI, a centralized tool to manage all threat intelligence, has expanded into a comprehensive suite that closes the loop between knowing threats, prioritizing them and proving you can stop them. OpenCTI maps your threat landscape with structured, relevant threat intelligence, which significantly scales your threat detection and response capabilities. OpenAEV, its adversarial exposure validation platform, turns that context into continuous, adversary-aligned validation, enabling organizations to validate their defenses against real-world attack scenarios rather than generic tests. And with OpenAEV, you can test not only your security tools but assess your human readiness also, providing a standardized approach to table-top exercises. Continuous Threat Exposure Management (CTEM) in practice. Together, OpenCTI and OpenAEV enable Continuous Threat Exposure Management (CTEM), not as a buzzword, but as an operational reality. OpenCTI feeds structured, relevant threat intelligence into your environment; OpenAEV validates your exposure against it. The result is a proactive security loop that keeps pace with real-world adversaries, continuously answering the questions that matter: what can actually hurt Filigran SAS, and are Filigran SAS able to stop it? Intelligence meets automation. With the introduction of Agentic AI, the platform deploys autonomous AI agents that correlate cross-product data to deliver meaningful insights and automate repetitive tasks like importing threat feeds, natural language search, threat summaries, report generation, scenarios creation and remediation etc. AI is used as an embedded capability that helps analysts process each stage of threat management faster and more efficient. And with XTM One on the horizon, Filigran SAS is centralizing AI datasets, directives, and KPIs across the entire suite. The addition of OpenGRC, launching later this year, will transform static compliance practices into dynamic, threat-informed risk management, enabling CISOs to make confident, data-driven decisions. Together, these components embody the full eXtended Threat Management cycle: from intelligence collection and operationalization, to continuous defense validation, to risk quantification and governance, all built on an open-source foundation. New frontiers: Japan, Saudi Arabia, Singapore. Filigran's expansion into Japan, Saudi Arabia, and Singapore marks a deliberate step in its global growth strategy. In Japan, Filigran SAS is entering a market characterized by advanced technological infrastructure and an increasing focus on cyber resilience - establishing a new go-to-market stage that will strengthen its presence across Asia-Pacific. Saudi Arabia and Singapore represent exciting market entries that extend its footprint into the Middle East and Southeast Asia, regions with rapidly evolving cybersecurity needs and significant investment in digital infrastructure. These market entries are not just about geographic reach. They reflect its commitment to hiring local talent who understand regional threat landscapes, regulatory requirements, and customer needs. By building teams on the ground in these key markets, Filigran SAS ensure that its product suite remains relevant, responsive, and trusted - no matter where its customers operate. Remote-first does not mean remote-only. Last week, Filigran SAS brought its entire 220+ global team together in Barcelona for its annual Global Get-Together. For many of Filigran SAS, it was the first time meeting colleagues face-to-face. The energy was unmistakable. Across strategy sessions, fireside chats and panel discussions with industry leaders, customers, and partners, employee pitches, and shared moments, one thing was clear: strong culture is built on trust and ownership, regardless of distance. Barcelona did not create its culture. It confirmed it. Where Filigran SAS is and where Filigran SAS is going. Filigran has been recognized as a LinkedIn Top Startup, included in the French Tech Next 40/120 program, and is the highest-funded French cybersecurity vendor, acknowledgments of both its momentum and its ambition. While Filigran SAS is proud of these recognitions, what truly drives Filigran SAS is not rankings, but the strength of its team, its partners, its customers, its product suite and the mission that unites it all. Excited about what Filigran SAS is building at Filigran and want to help shape the future of cybersecurity? Filigran SAS is hiring across the company apply via its Careers Page and follow its Filigran on LinkedIn to learn more about its culture, people, and the impact Filigran SAS is making. Connect with thousands of Filigran users to learn, share insights, and enhance your skills, whether you're new or actively using its XTM Platform, join the Filigran Community now.

Filigran named a Leader in the G2 Winter 2026 Threat Intelligence Grid(R) Report. Filigran SAS is proud to share that Filigran has been named a Leader in the G2 Winter 2026 Threat Intelligence Grid(R) Report. This achievement marks an important moment for its team and for the global threat intelligence community that supports and contributes to its work. At Filigran, Filigran SAS is building open-source and AI-augmented proactive cyber security solutions, for organizations to anticipate threats better and improve their security posture continuously. Being recognized as a Leader only a few years after its founding reflects the strong alignment between its mission and the needs of security teams worldwide. Today, more than 6,000 CTI practitioners trust Filigran to power their threat intelligence and CTEM programs, and this recognition belongs to them as much as it belongs to Filigran SAS. * Filigran named a Leader in G2 Winter 2026 Threat Intelligence Grid(R) Report * OpenCTI by Filigran receives 100% 4- or 5-star ratings and 94% recommendation rate * Users Love Us and Regional Leader badges recognize positive customer experience and wide adoption * OpenCTI enables organizations to centralize threat intelligence, accelerates SOC workflows, and fosters collaboration Validated by the Threat Intelligence community. This report is based on independent reviews from verified users and positions Filigran as a Leader because of its strong customer satisfaction and growing market presence. According to the Winter 2026 report for Threat Intelligence: * 100 percent of users rated OpenCTI 4 or 5 stars * 100 percent of users believe the product is heading in the right direction * 94 percent would recommend OpenCTI * NPS score of 86 These results tell a simple story. Users trust the OpenCTI platform to power real threat intelligence operations in real environments and to scale with them as their CTI programs evolve. Additional recognitions and badges. In addition to being named a Leader in the Threat Intelligence category, Filigran is proud to have earned two other notable badges on G2: * Users Love Us: highlighting the high satisfaction and loyalty of its verified users. * Regional Leader: recognizing strong adoption and impact across Europe and the EMEA region. What users love most about OpenCTI. Celebrating its G2 achievements. * Trusted by security teams globally * Loved by customers for the ease of working with Filigran SAS * Driving innovation in the threat/ exposure management space Powerful integrations that accelerate detection. OpenCTI centralizes threat intelligence and connects seamlessly with SIEMs/SOARs, internal data sources, and external feeds. Analysts can enrich, correlate, and investigate threats without switching tools, dramatically improving detection and response speed. "OpenCTI has drastically reduced our Mean Time to Detect (MTTD) for Threat Hunting in the SOC." G2 Reviewer The platform's extensive integrations, combined with high-quality documentation and responsive support, ensure teams can implement it quickly and scale it with confidence. Transforms how teams collaborate. OpenCTI creates a shared intelligence hub that unifies CTI, SOC, IR, vulnerability teams, and management. By centralizing data, automated workflows and CTI sharing capabilities, the platform fosters collaboration, visibility, and structured reporting across functions. Daily usage of OpenCTI enables consistent context sharing, improved situational awareness, and streamlined communication across teams. A community and vendor ecosystem that drives fast innovation. OpenCTI's open-source architecture and active global community accelerate new features, improvements, and integrations. Rapid iteration ensures the platform stays aligned with the evolving needs of security teams. Filigran's support team complements the community, providing hands-on guidance for implementation and optimization. A truly centralized intelligence platform. OpenCTI serves as the backbone for cyber threat intelligence, incident response, and SOC operations. By consolidating reporting, indicators, cases, identities, and external sources into a single structured environment, teams can correlate threats faster and respond more effectively. This centralization reduces operational friction, improves investigative workflows, and ensures intelligence drives actionable security decisions. Read the full G2 report. You can explore the complete findings in the G2 Winter 2026 Threat Intelligence Grid(R) Report. The report provides detailed insights into vendor performance, user satisfaction, and feature comparisons across the Threat Intelligence category. Being named a Leader on G2 is more than a badge for Filigran SAS. It reflects the results its users are achieving every day: faster detection, smarter correlation, and better collaboration across their security functions. OpenCTI continues to grow as a platform that unifies intelligence, operations, and investigation under a single, open, community-powered ecosystem. Filigran SAS is grateful for the trust of the global community and excited for what comes next. Enjoy and feel free to ask any questions about it on its Slack community channel!

Introducing OpenAEV: the next evolution in proactive security validation. When Filigran SAS first launched OpenBAS, Filigran SAS set out to operationalize breach and attack simulation, making it accessible, transparent, and actionable for every security team. Thanks to your feedback and support, the Community Edition (CE) delivered on that promise. As Filigran SAS evolved the platform and incorporated community's feedback, Filigran SAS broadened the use cases and doubled down on meaningful outcomes: clearer findings, prioritized recommendations, and workflows that mobilize security teams to close gaps. Filigran SAS learned that real progress happens in a continuous, closed loop - prioritize, validate, remediate, and verify. Today, Filigran SAS is proud to introduce OpenAEV (Adversarial Exposure Validation), the next chapter in its journey toward continuous threat exposure management. And for organizations that need to run at scale, Filigran SAS is launching OpenAEV Enterprise Edition (EE), combining AI-driven automation with guided remediation to provide enterprise-grade scalability and impact. * OpenAEV introduces Adversarial Exposure Validation (AEV), the next step beyond Breach and Attack Simulation. * It connects threat intelligence, exposure data, and validation to show what really matters and how to fix it. * The Enterprise Edition adds AI automation, remediation guidance, and scalability for large environments. * OpenAEV works with OpenCTI and XTM Hub for seamless, intel-driven defense. * The Filigran Academy and Scenario Library help teams learn faster and mature their exposure management programs. From simulation to continuous validation. If you've read its recent post on the shift from BAS to AEV, you already know the story behind this evolution. The world of breach and attack simulation has changed. Security teams no longer want isolated tests; they want continuous visibility, actionable insights, and validation that reflects how modern attackers actually operate. Adversarial Exposure Validation (AEV) represents that evolution. It connects the dots between threat intelligence, exposures, and validation to answer a single, crucial question: what can actually hurt Filigran SAS, and how do Filigran SAS stop it? OpenAEV is built to help teams continuously assess, prioritize, and improve their defenses. And it allows defenses to be tested from all angles - tools, processes and people. Its industry's first open-source, threat-informed end-to-end AEV solution. OpenAEV is tightly integrated with OpenCTI: OpenCTI surfaces threats and exposures; OpenAEV makes them actionable. The bi-directional connection lets you build intel-driven, prioritized scenarios in OpenCTI and launch them in OpenAEV, closing the loop from insight to validation to improvement. Connecting technology, people, and processes. Security validation isn't only about technology. It's about people: their decisions, reactions, and coordination under pressure. OpenAEV supports this human readiness through built-in tabletop exercises so teams can simulate both attack scenarios and end-to-end crisis response. This is essential for validating and stress-testing your incident response plan. Ditch the manual checklists and Excel sheets: OpenAEV standardizes, automates, and scales tabletop programs globally. When the Swiss Federal Department of Foreign Affairs (FDFA) went on a lookout for a crisis management tool to conduct situational awareness and table-top exercises, they turned to Filigran. Managing security across 170 locations worldwide, they faced the ultimate scalability challenge. Traditional annual exercises couldn't possibly prepare their globally distributed team for the diverse threats they face. Fast track your operations with OpenAEV Enterprise Edition. While OpenAEV Community Edition (CE) lets you explore the platform, see the benefits, and help you build the business case for your exposure validation program, the Enterprise Edition (EE) supercharges it with: * Ability to use your existing EDR agents for seamless execution, without additional overload on already resource constrainted endpoints * Automated workflows and AI-assisted scenario generation for faster testing and coverage while and still fully customizable * AI-powered remediation guidance that augments human intelligence with prioritized, actionable recommendations * Dedicated support by a committed team of Filigran and AEV experts * SaaS deployment hosted by Filigran for ease of use and scalability Its commitment to your exposure management journey. Behind its open-source and community-based product philosophy, lies its committment to your exposure management journey, from helping you build first use case to full-scale program. To this effect, Filigran SAS is also launching two new initiatives today: Filigran Academy: learn, grow, and Master AEV. Filigran Academy was created to empower security professionals through structured, hands-on learning about threat management. Filigran SAS is now expanding it with OpenAEV courses, offering three learning paths to guide you from fundamentals to advanced mastery. * OpenAEV 101: Introduction to Adversarial Exposure Validation - Build your foundation in AEV with hands-on OpenAEV training from Filigran Academy. * OpenAEV 201: Operational Integration and Continuous Validation - Learn to integrate and automate OpenAEV across your security ecosystem. * OpenAEV 301: Advanced Scenario Design and Program Maturity - Master advanced simulations and lead a mature AEV program through expert-led sessions. Whether you're new to AEV or already building continuous validation workflows, these courses will help you and your team get more from OpenAEV and the broader Filigran ecosystem. Scenario Library: available via XTM Hub. XTM Hub is its central resource library for the entire Filigran XTM Suite, connecting users to the content they need to get value faster. Today, custom scenarios are ready to be uploaded and used directly in OpenAEV, and soon, XTM Hub will include even more resources to accelerate learning and experimentation. Users are now able to register their OpenAEV platform directly in XTM Hub. From there, every resource (a new scenario, payloads...) will be just one click away from deployment. No more downloading and uploading files manually. Just pick what you need, and it's instantly available in your OpenAEV instance. This is its next step toward seamless collaboration and speed. Live webinar: operationalizing Incident Response with AEV. This November, join Filigran SAS for a live webinar on "Operationalizing IR: Compliance-Ready Tabletop Exercises with an AEV Platform." Tabletop exercises are a key part of every Incident Response (IR) plan, but scaling them effectively has always been difficult. In this session, its expert panel will explore how an Adversarial Exposure Validation (AEV) platform like OpenAEV can help organizations standardize, automate, and scale tabletop exercises across teams and regions. * Integrate tabletop exercises to measure and improve human readiness * Build compliance-ready IR programs aligned with DORA and NIS2 * Extend security validation beyond tools to include real-world response A new chapter in proactive defense. The launch of OpenAEV CE and EE marks an important milestone in Filigran's journey, but it's also part of something bigger: a collective shift in how the security community approaches exposure management and validation. Together, Filigran SAS is moving from testing in isolation to validating continuously. From running tools to building resilience. From simulation to Adversarial Exposure Validation. Whether you're using the Community Edition, exploring the Enterprise Edition, diving into the XTM Hub, or learning through the Filigran Academy, OpenAEV is here to help you stay ahead.