As a Lead Application Security Engineer at Eve, you will build and scale the product and application security program, securing AI-native workflows and cloud environments. This hands-on role involves writing code, building automation, and hardening systems to ensure security without compromising trust.
195k – 300k/yr
Hybrid5+ YOESecurity Engineering
About the role
What You'll Do
Build and scale Eve's product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
Partner with engineering teams to secure AI-native workflows, including data handling, prompt-injection risk, model/tool access, and sensitive legal information flows.
Track emerging security trends, including red-team AI-based offensive tactics and blue-team AI-based defensive tactics where applicable, and translate them into pragmatic product and engineering roadmap recommendations.
Develop practical defenses for AI-enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
Develop internal security tooling and automation for areas like dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
Support compliance and customer trust efforts by helping translate Eve's security posture into clear, accurate technical evidence.
Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.
What We're Looking For
Technical Depth: 5+ years of experience in application security, including significant time spent writing and reviewing code.
Software Engineering Skills: Proficiency in more than one major coding language. You should be comfortable contributing directly to the codebase.
Cloud & Containers: Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
Systems Thinking: A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
AI Security Fluency: Awareness of red-team AI-based offensive tactics and blue-team AI-based defensive tactics, with good judgment about where those techniques apply in real products.
Security Curiosity & Roadmap Ownership: Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
Pragmatism: The ability to balance security risks with business velocity. You should be able to propose creative "middle ground" solutions that reduce risk without blocking progress.
Versatility: A willingness to jump into areas adjacent to traditional AppSec—e.g. data analysis, AI security research, or protecting against prompt injection—to get the job done.
Nice To Have
Experience securing SaaS products that process sensitive customer data.
Experience with legal, healthcare, fintech, enterprise SaaS, or other regulated/high-trust environments.
Experience with Kubernetes, GCP/AWS, TypeScript, Python, Go, or similar production engineering stacks.
Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
Experience building security programs at a high-growth startup.
Benefits
💰 Competitive Salary & Equity
💹 401(k) Program with Employer Matching
⚕️ Health, Dental, Vision and Life Insurance
🩼 Short Term and Long Term Disability
🚗 Commuter Benefits*
🧑💻 Autonomous Work Environment
🖥️ Workplace Setup Reimbursement
🏠 Telecomm Stipend
🏝 Flexible Time Off (FTO) + Holidays
🚀 Quarterly Team Gatherings
🥪 In office Perks*
*In office employees only
Skills
Application SecurityCloud SecurityAWSIdentity And Access ManagementSAMLOAuthIAMAi SecurityKubernetesGCPTypeScriptPythonGo
First dedicated Security Engineer owning application, infrastructure, and identity security for Orb's AWS-based revenue platform. Requires 5+ years in security or software engineering with depth in cloud security, IAM, and structural controls; partners with Adyen's security team.
195k – 265k/yr
Hybrid5+ YOESecurity Engineering
Senior Security Engineer, Offensive Security
DatadogNew York, NY
Senior Security Engineer executing sophisticated red team operations, building custom offensive tooling, and applying AI/automation to scale adversary simulations across cloud and Kubernetes environments.
195k – 240k/yr
Hybrid5+ YOESecurity Engineering
Senior Security Software Engineer
HoverSan Francisco, CA +1
Build and own core security services including auth, identity, and secrets management. Partner with engineering teams to embed secure-by-design practices across a Ruby/TypeScript/GCP stack.
Senior backend engineer to own and scale enforcement infrastructure processing millions of safety decisions daily. Requires 4+ years experience building distributed systems in Python on GCP with PostgreSQL, Redis, and gRPC.
196k – 221k/yr
On-site4+ YOESecurity Engineering
Senior Security Engineer, Enterprise Security
DiscordSan Francisco, CA
Senior Security Engineer implements and maintains enterprise security measures, focusing on data protection, zero-trust architecture, IAM systems, and endpoint management. Requires 3+ years in enterprise security and programming experience (Python, Go, Rust).