Skip to content
DecagonDecagonSan Francisco, CA

Platform Engineer, Security

Lead application security strategy and implementation for Decagon's conversational AI platform. Partner with engineering teams to build security into AI-powered applications and establish testing programs.

200k – 330k/yr
On-site3+ YOESecurity Engineering

About the role

Responsibilities

  • Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management
  • Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design, coding, PR, and deployment
  • Establish application security testing programs including static analysis (SAST), dynamic analysis (DAST), and interactive testing (IAST) tailored for AI applications
  • Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling
  • Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity
  • Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements

Requirements

  • 3-5 years of hands-on application security engineering experience
  • Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment
  • Strong software engineering background with ability to review code across multiple languages and frameworks commonly used in AI/ML applications
  • Experience implementing application security testing tools and integrating security into CI/CD pipelines
  • Knowledge of OWASP Top 10, common application vulnerabilities, and modern application security frameworks
  • Proven track record working with engineering teams to remediate security findings while balancing security and business requirements

Nice-to-Haves

  • Experience securing AI/ML applications, including prompt injection, model extraction, and adversarial input protections
  • Background with large-scale, multi-tenant SaaS applications handling sensitive customer data
  • Familiarity with Google Cloud application security services and container security best practices
  • Knowledge of enterprise compliance requirements (SOC 2, ISO 27001, GDPR) from an application security perspective
  • Experience with modern security tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW, or similar

Skills

Application SecurityThreat ModelingSecure Code ReviewSASTDASTIastCi/Cd SecurityOwasp Top 10Vulnerability ManagementSemgrepCodeqlGoogle Cloud SecurityContainer Security
Nooks

Security Engineer

NooksSan Francisco, CA

Second Security Engineer at Nooks.ai, securing an AI-native sales platform and its AI agents. Own threat modeling, secure SDLC, cloud hardening, compliance (SOC 2), and novel AI security challenges (guardrails, prompt injection). Requires 4-5+ years in infosec with strong app/cloud security fundamentals; startup experience preferred.

200k – 315k/yr
Hybrid5+ YOESecurity Engineering
Writer

Security engineer, detection and response (US)

WriterSan Francisco, CA

Builds and implements detection systems and automated responses for AI-specific threats like prompt injection and model extraction on distributed GPU infrastructure. Leads incident response, proactive threat hunting, and cross-team security coordination with 3-5+ years in security operations.

200k – 240k/yr
Hybrid3+ YOESecurity Engineering
Notion

Software Engineer, Trust

NotionSan Francisco, CA +1

Builds authentication, security features, and AI-powered risk detection systems to ensure user trust and safety at scale. Requires 5-8 years experience in trust/safety/security with cross-functional collaboration.

200k – 280k/yr
Hybrid5+ YOESecurity Engineering
Thinking Machines Lab

Infrastructure Engineer, Security

Thinking Machines LabSan Francisco, CA

Owns and evolves security infrastructure across compute, storage, networking, and data platforms for foundation models. Architects secure patterns, manages identities/secrets, builds threat models, and automates security checks in Kubernetes/cloud environments. Requires strong systems programming and infra experience.

200k – 475k/yr
On-siteSecurity Engineering
Decagon

Security Engineer

DecagonSan Francisco, CA

Build and scale security foundations for Decagon's AI customer experience platform, implementing controls, tooling, detection pipelines, and partnering with engineering teams. Requires 3+ years security engineering with strong coding skills and cloud experience, ideally Google Cloud; onsite in San Francisco.

200k – 330k/yr
On-site3+ YOESecurity Engineering