# Platform Engineer, Security

**Company:** [Decagon](https://hotfix.jobs/companies/decagon)
**Location:** San Francisco, CA
**Role:** Security Engineering
**Salary:** $200k – $330k/yr
**Experience:** 3+ years
**Skills:** Application Security, Threat Modeling, Secure Code Review, SAST, DAST, Iast, Ci/Cd Security, Owasp Top 10, Vulnerability Management, Semgrep, Codeql, Google Cloud Security, Container Security
**Posted:** 2026-06-05

> Lead application security strategy and implementation for Decagon's conversational AI platform. Partner with engineering teams to build security into AI-powered applications and establish testing programs.

## Job Description

## Responsibilities
- Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management
- Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design, coding, PR, and deployment
- Establish application security testing programs including static analysis (SAST), dynamic analysis (DAST), and interactive testing (IAST) tailored for AI applications
- Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling
- Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity
- Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements

## Requirements
- 3-5 years of hands-on application security engineering experience
- Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment
- Strong software engineering background with ability to review code across multiple languages and frameworks commonly used in AI/ML applications
- Experience implementing application security testing tools and integrating security into CI/CD pipelines
- Knowledge of OWASP Top 10, common application vulnerabilities, and modern application security frameworks
- Proven track record working with engineering teams to remediate security findings while balancing security and business requirements

## Nice-to-Haves
- Experience securing AI/ML applications, including prompt injection, model extraction, and adversarial input protections
- Background with large-scale, multi-tenant SaaS applications handling sensitive customer data
- Familiarity with Google Cloud application security services and container security best practices
- Knowledge of enterprise compliance requirements (SOC 2, ISO 27001, GDPR) from an application security perspective
- Experience with modern security tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW, or similar

## Similar roles

- [Security Engineer](https://hotfix.jobs/jobs/9731ca0c-3722-4ec9-9644-4515044e6890) - Nooks - San Francisco, CA - $200k – $315k/yr
- [Security engineer, detection and response (US)](https://hotfix.jobs/jobs/98c71ebc-3ff0-469d-9a49-eb98d9aec3ac) - Writer - San Francisco, CA - $200k – $240k/yr
- [Software Engineer, Trust](https://hotfix.jobs/jobs/c95c63b6-81e4-4554-b381-9d38e3dd4801) - Notion - San Francisco, CA - $200k – $280k/yr
- [Infrastructure Engineer, Security](https://hotfix.jobs/jobs/911010b2-5649-4288-bbd0-0172261e1e28) - Thinking Machines Lab - San Francisco, CA - $200k – $475k/yr
- [Security Engineer](https://hotfix.jobs/jobs/f0f751da-c4de-43a0-a51c-945a1999b0b7) - Decagon - San Francisco, CA - $200k – $330k/yr

**Apply:** https://hotfix.jobs/jobs/8ec09390-4b0b-4859-96b3-efafc456226c
**Canonical:** https://hotfix.jobs/jobs/8ec09390-4b0b-4859-96b3-efafc456226c