Lead Application Security Engineer

195k – 300k | San Mateo, CA | Security Engineering | Hybrid | 5+ YOE
Summary

As a Lead Application Security Engineer at Eve, you will build and scale the product and application security program, securing AI-native workflows and cloud environments. This hands-on role involves writing code, building automation, and hardening systems to ensure security without compromising trust.

About the role

What You'll Do

  • Build and scale Eve's product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
  • Partner with engineering teams to secure AI-native workflows, including data handling, prompt-injection risk, model/tool access, and sensitive legal information flows.
  • Track emerging security trends, including red-team AI-based offensive tactics and blue-team AI-based defensive tactics where applicable, and translate them into pragmatic product and engineering roadmap recommendations.
  • Develop practical defenses for AI-enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
  • Develop internal security tooling and automation for areas like dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
  • Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
  • Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
  • Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
  • Support compliance and customer trust efforts by helping translate Eve's security posture into clear, accurate technical evidence.
  • Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.

What We're Looking For

  • Technical Depth: 5+ years of experience in application security, including significant time spent writing and reviewing code.
  • Software Engineering Skills: Proficiency in more than one major coding language. You should be comfortable contributing directly to the codebase.
  • Cloud & Containers: Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
  • Systems Thinking: A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
  • AI Security Fluency: Awareness of red-team AI-based offensive tactics and blue-team AI-based defensive tactics, with good judgment about where those techniques apply in real products.
  • Security Curiosity & Roadmap Ownership: Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
  • Pragmatism: The ability to balance security risks with business velocity. You should be able to propose creative "middle ground" solutions that reduce risk without blocking progress.
  • Versatility: A willingness to jump into areas adjacent to traditional AppSec—e.g. data analysis, AI security research, or protecting against prompt injection—to get the job done.

Nice To Have

  • Experience securing SaaS products that process sensitive customer data.
  • Experience with legal, healthcare, fintech, enterprise SaaS, or other regulated/high-trust environments.
  • Experience with Kubernetes, GCP/AWS, TypeScript, Python, Go, or similar production engineering stacks.
  • Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
  • Experience building security programs at a high-growth startup.

Benefits

  • 💰 Competitive Salary & Equity
  • 💹 401(k) Program with Employer Matching
  • ⚕️ Health, Dental, Vision and Life Insurance
  • 🩼 Short Term and Long Term Disability
  • 🚗 Commuter Benefits*
  • 🧑‍💻 Autonomous Work Environment
  • 🖥️ Workplace Setup Reimbursement
  • 🏠 Telecomm Stipend
  • 🏝 Flexible Time Off (FTO) + Holidays
  • 🚀 Quarterly Team Gatherings
  • 🥪 In-office Perks*

*In-office employees only

Skills
Application Security, Cloud Security, AWS, Identity and Access Management, SAML, OAuth, IAM, AI Security, Kubernetes, GCP, TypeScript, Python, Go