Companies that use Checkmarx One

Source: Analysis of job postings that mention Checkmarx One (using the Bloomberry Jobs API)

My analysis shows that Checkmarx One purchasing decisions are driven primarily by information security leaders and technology directors. The Manager, Information Security roles (11%) and Director-level positions in IT (5%) are making strategic procurement decisions. These buyers are focused on consolidating application security platforms, as evidenced by roles requiring oversight of programs that prevent introduction of unmanaged risks through code changes. Their priorities center on enterprise-wide security posture and AppSec program maturity.

The primary users are DevOps Engineers (37%) and Application Security Analysts (11%), who integrate Checkmarx One into CI/CD pipelines alongside other security tools. I noticed these practitioners are implementing SAST and SCA scans within GitHub Actions and Jenkins workflows, troubleshooting pipeline runs, and managing vulnerability remediation. They work closely with development teams to ensure security testing happens throughout the software development lifecycle, from code commit through production deployment.

The job descriptions reveal three key pain points organizations are trying to solve. Companies want to industrialize and automate deployment processes to guarantee reliable updates. Multiple postings emphasize the need to secure code sources and identify and remediate application vulnerabilities efficiently. One role specifically mentions helping enterprises build DevSecTrust while balancing the dynamic needs of security and development teams, highlighting the ongoing challenge of integrating security without slowing down delivery velocity.

Source: Analysis of Linkedin bios of 1,536 companies that use Checkmarx One

I noticed that Checkmarx One's customers are predominantly large, established organizations operating critical infrastructure and services that directly impact millions of people. These aren't tech startups building consumer apps. They're banks processing financial transactions (Karnataka Bank, Nykredit, Eximbank Vietnam), healthcare systems managing patient data (Adventist Health, IHH Healthcare, Sanitas), logistics companies moving goods globally (DHL Express, Maersk, CEVA Logistics), and government agencies collecting taxes or administering justice (Servicio de Impuestos Internos, Fiscalía General de la Nación). Many manufacture physical products like vehicles (Maruti Suzuki, Mercedes-Benz, Mothersun Group) or provide essential utilities (Iberdrola, National Gas).

These are mature enterprises, not startups. The employee counts tell the story: over 60% have more than 1,000 employees, with many exceeding 10,000. They describe decades of operation (Nykredit's "160 years," Unum "founded in 1848," Galp's longstanding operations). They mention serving millions of customers, operating in dozens of countries, and managing billions in assets or revenue. When funding is mentioned, it's typically debt financing or post-IPO activity, not venture rounds.

Source: Analysis of tech stacks from 1,536 companies that use Checkmarx One

I noticed that Checkmarx One users are predominantly large, security-conscious enterprises with complex organizational needs. The presence of tools like Proofpoint Security Training, OneLogin, and ServiceNow tells me these companies treat security as a comprehensive program rather than a point solution. They're likely in regulated industries or handle sensitive data at scale, which explains why they'd invest in application security testing alongside identity management and security awareness training.

The pairing of Checkmarx One with ServiceNow is particularly revealing. These companies are running formal IT service management processes, which suggests they have structured development workflows and change management requirements. When you add OneLogin for identity management, you see organizations where access control and audit trails matter significantly. The Proofpoint Security Training correlation reinforces this pattern. These aren't just buying security tools, they're building security cultures from the ground up.

What surprises me most is Qualtrics and Adobe Audience Manager appearing so frequently. This suggests many Checkmarx One customers are customer-facing businesses that need to protect applications handling user data and experiences. They're likely running sophisticated digital properties where both security and customer experience are competitive differentiators. Mindtickle's presence, though in fewer companies, points to sales enablement maturity, which typically indicates B2B enterprises with complex sales cycles.