What You’ll Do
- Partner with product and research teams to embed security into the development lifecycle: threat modeling, design reviews, and secure defaults for new features.
- Design and implement security controls across our product stack (authentication, authorization, session management, input validation, etc.).
- Build and maintain security tooling and automation for engineers: secure frameworks and templates, CI/CD checks, dependency management, and vulnerability detection.
- Collaborate with researchers to identify and mitigate AI-specific product risks, such as model abuse, prompt injection, data leakage, or misuse of capabilities.
- Improve observability and detection for security-relevant events: access anomalies, abuse patterns, and suspicious behavior in production.
Skills and Qualifications
Minimum qualifications:
- Bachelor’s degree or equivalent experience in computer science, engineering, or similar.
- Proficiency in at least one backend language (we use Python or Rust).
- Strong generalist software engineering background and ability to review production code for security risks.
- Hands-on experience securing web apps and APIs especially auth flows, access control, secrets management, input validation, and data protection.
- Familiarity with common vulnerability classes and prevention frameworks; experience hardening prototypes into production.
- Comfort with modern cloud infrastructure and understanding how application concerns intersect with infrastructure.
- Comfort operating across the stack and owning projects end-to-end.
- Thrive in a highly collaborative environment involving many, different cross-functional partners and subject matter experts.
- A bias for action with a mindset to take initiative to work across different stacks and different teams where you spot the opportunity to make sure something ships.
Preferred qualifications:
- Experience securing AI‑powered products or working with ML/LLM APIs and their unique threat models.
- Background in human-computer interaction, especially where security or trust plays a central role in the user experience.
- Strong skills in rapid prototyping and iteration, with a habit of turning ad-hoc fixes into reusable patterns and tools.
- Open‑source security work, bug bounty write‑ups, or published tooling.
Logistics
Compensation: Depending on background, skills and experience, the expected annual salary range for this position is $350,000 - $475,000 USD.
Benefits: Thinking Machines offers generous health, dental, and vision benefits, unlimited PTO, paid parental leave, and relocation support as needed.