Platform Engineer, Security
Lead application security strategy and implementation for Decagon's conversational AI platform. Partner with engineering teams to build security into AI-powered applications and establish testing programs.
Responsibilities
- Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management
- Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design through coding, PR, and deployment
- Establish application security testing programs including static analysis (SAST), dynamic analysis (DAST), and interactive testing (IAST) tailored for AI applications
- Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling
- Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity
- Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements
Requirements
- 3-5 years of hands-on application security engineering experience
- Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment
- Strong software engineering background with ability to review code across multiple languages and frameworks commonly used in AI/ML applications
- Experience implementing application security testing tools and integrating security into CI/CD pipelines
- Knowledge of OWASP Top 10, common application vulnerabilities, and modern application security frameworks
- Proven track record working with engineering teams to remediate security findings while balancing security and business requirements
Nice-to-Haves
- Experience securing AI/ML applications, including prompt injection, model extraction, and adversarial input protections
- Background with large-scale, multi-tenant SaaS applications handling sensitive customer data
- Familiarity with Google Cloud application security services and container security best practices
- Knowledge of enterprise compliance requirements (SOC 2, ISO 27001, GDPR) from an application security perspective
- Experience with modern security tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW, or similar
Member of Technical Staff, Trust & Safety Engineer
Trust & Safety Engineer building red teaming systems, content moderation infrastructure, and safety tooling for generative AI models. Requires 3+ years software engineering experience with Python/TypeScript and comfort across the stack from model evals to AWS/GCP infrastructure.
Security Engineer, Corporate Security
Hands-on Corporate Security Engineer to own and improve technical controls across identity, endpoints, SaaS, and workforce infrastructure. Build scalable automation and partner with IT, Infrastructure, GRC, and Detection & Response.
Senior Manager, Technology Risk
Lead second-line technology and information security risk oversight for a de novo national bank, establishing the 2LOD technology risk framework and providing independent oversight of IT, cybersecurity, and cloud infrastructure.