Skip to content
CursorCursorNew York, NY

Engineering Manager, Agent & Product Security

Lead the security engineering team building primitives for agent identity, authority, isolation, and policy enforcement to enable safe autonomous AI coding agents at Cursor. Requires strong product-systems judgment, modern appsec expertise, and comfort with ambiguity in a high-stakes environment.

Salary not listed
Hybrid5+ YOESecurity Engineering

About the role

Responsibilities

  • Chart the path from supervised agents to trusted autonomous ones: define the security primitives that enable agent autonomy, and lead the team that builds them.
  • Engineer the isolation that makes Cursor safe to run inside customers’ most valuable codebases: tenancy, workspace, secret, and data protections designed for real adversaries.
  • Build the authority infrastructure autonomous agents need: identity, scoped permissions, policy enforcement, and secure tool execution, so an agent can hold real responsibility with verifiable limits and full accountability.
  • Build customer-facing security controls that are understandable, usable, and strong enough for Cursor’s most security-sensitive customers, with crisp success metrics for security outcomes.
  • Hire, coach, and grow a high-performing security engineering team while staying technically close to the work: write and review code where useful, and keep execution fast and technically grounded.

Requirements

  • Led engineering teams shipping production systems with high security, reliability, or platform stakes.
  • Strong product and systems judgment: reason from user workflows to architecture, threat models, enforcement points, and operational tradeoffs.
  • See security as something that enables product capability, not only restricts it.
  • Understand modern application security, authorization, tenancy, identity, secrets, data isolation, and secure-by-default platform design.
  • Good instincts about AI agents: how they use tools, where authority should come from, how prompt injection and exfiltration show up in practice, and how to build mitigations that hold up against creative adversaries.
  • Comfortable operating in ambiguity: set strategy where precedent is thin, commit to a direction, and stay close enough to the implementation to know when to change it.
  • Partner well across product, infrastructure, ML, and customer-facing teams.

Nice-to-Haves

  • Experience in a small, talent-dense, flat organization.
  • Passion for truth-seeking, creative problem-solving in AI and security.

Skills

Application SecurityAuthorizationIdentity ManagementSecrets ManagementData IsolationPolicy EnforcementThreat ModelingPrompt Injection MitigationAi Agent SecuritySecure Tool Execution
Cloudflare

Insider Threat Engineer

CloudflareUnited States

Lead technical investigations, threat hunting, detection development, and response for insider threats. Partner closely with Legal, HR, and Privacy teams while ensuring compliance with regulatory, legal, and ethical standards. Requires 5+ years in security with forensics/investigations focus.

Salary not listed
Hybrid5+ YOESecurity Engineering
Runpod

Cloud Infrastructure Security Engineer

RunpodUnited States

Systems-focused Cloud Infrastructure Security Engineer responsible for securing Runpod's multitenant GPU bare-metal and virtualized environments. Requires 5+ years in infrastructure security, deep Linux kernel and virtualization expertise (KVM/QEMU), and low-level programming (C/Go/Rust) to prevent breakouts and harden against threats.

152k – 175k/yr
Remote5+ YOESecurity Engineering
Runpod

Full Stack Security Engineer

RunpodUnited States

Full Stack Security Engineer embedding with engineering teams to secure Runpod's AI cloud platform. Lead threat modeling, fix vulnerabilities by writing code in Python/Go/TS, implement DevSecOps pipelines, and champion security across web apps, APIs, and microservices.

152k – 175k/yr
Remote5+ YOESecurity Engineering
Forus

Security Program Manager

ForusNew York, NY

Own end-to-end compliance programs (SOC 2, HIPAA, HITRUST), build customer trust function, implement automation, and partner with engineering on controls for a healthcare AI platform handling protected health information.

Salary not listed
On-site4+ YOESecurity Engineering
Anthropic

Safeguards Enforcement Analyst, Account Takeover & Credential Abuse

AnthropicSan Francisco, CA +2

Safeguards Enforcement Analyst focused on account takeover and credential abuse. Investigate compromise incidents, design remediation workflows, partner with engineering on detection, enforce AI usage policies, and develop scalable enforcement programs for platform safety.

245k – 285k/yr
HybridSecurity Engineering