Fivetran

Fivetran is committed to providing a robust security program aimed at protecting customer information. Their development practices follow industry-standard secure coding guidelines, including those recommended by OWASP. The company enforces strong authentication measures, requiring developers and support staff to use single sign-on (SSO) with multi-factor authentication (MFA) and strong passwords. Administrative access to systems also mandates two-factor authentication and robust password controls.

Recent company-authored job postings show active, organization-wide adoption of AI coding tools (explicitly naming Copilot) and multiple senior security/platform security job descriptions require validating vulnerabilities and guiding remediation. These items together provide public, verifiable evidence (2024–2025 job listings + company security page) that Fivetran is expanding AI-driven developer workflows while placing significant validation and remediation responsibilities on security/platform roles—creating AppSec/developer-security friction.

Fivetran utilizes commercial third-party vulnerability scanning tools and Dynamic Application Security Testing (DAST) to identify application vulnerabilities. They implement an anomaly-based security monitoring system (SIEM-style) that collects cloud configuration, audit events, host/process/network data, and container image vulnerabilities to establish a baseline of normal behavior. The company engages in third-party penetration testing and maintains a responsible disclosure program. Fivetran also holds ISO/IEC 27001 certification, demonstrating a commitment to high information security standards.

Fivetran is a company with an estimated employee count of 1694, falling within the 1,001-5,000 employees range. This company size suggests a potentially substantial security organization, though specific details about the AppSec team's structure, leadership, or exact size are not publicly available.