Key Responsibilities

Design and deploy AI-powered security agents into CI/CD: automated code review, risk classification, escalation logic, and where possible, auto-remediation.
Build and operate the security tooling layer across our pipelines: SAST, SCA, secrets scanning, IaC validation, and supply chain integrity checks.
Conduct threat modeling, secure design reviews, and manual security assessments across our apps, APIs, and infrastructure.
Find vulnerabilities through proactive testing, not just scanner output, and drive them to remediation.
Partner with engineering teams across our product pillars as the embedded security voice in the room, without being a blocker.
Own the rollout of secure-by-default development frameworks and controls.
Connect application-level telemetry to detection and response systems.
Contribute to incident response and postmortems when product security is involved.
Shape our long-term product security strategy and roadmap.

Qualifications/Skills

5+ years of experience in product or application security, software engineering, or a combination of both.
You've built or operated AI-assisted security tooling, whether that's an agent doing code review, an automated triage pipeline, or custom security automation you designed from scratch.
Strong Python experience. Familiarity with FastAPI, LangChain, or agentic frameworks is a plus.
Deep fluency in identifying and exploiting web, API, and application vulnerabilities, well beyond OWASP Top 10.
Experience embedding security into CI/CD, not just recommending it.
You can guide engineers through secure design decisions without slowing them down.
You write documentation and design docs without being asked.

Bonus: experience with HIPAA or healthcare data, red teaming, or security architecture at scale.