← Zurück zur Liste
Stelle

Application Security Engineer

Security Engineer • Vor Ort • Vollzeit • 📍 San Francisco

As an Application Security Engineer, you'll secure Braintrust's real-time data platform, review code, build threat models, and lead AI-specific security work such as prompt injection defenses and agent sandbox escapes.

Responsibilities

  • Drive secure design: lead threat models for new features and review architecture proposals
  • Review code across TypeScript, Python, and Go services, open source tracing libraries, and the model proxy
  • Build the paved road: authn/authz primitives, RBAC and tenancy isolation, secret handling, sandboxed code execution
  • Own SAST, DAST, SCA, and secret-scanning tooling end-to-end
  • Run the vulnerability management program and triage external bug bounty reports
  • Lead AI-specific security work: prompt injection defenses, model proxy abuse detection, agent/tool-use sandboxing, data-exfiltration controls
  • Partner with open source maintainers on the security of libraries embedded in customer applications
  • Use agentic coding workflows to scale code review, exploit prototyping, and incident triage

Requirements

  • 5+ years in application security, product security, or backend engineering with a security focus
  • Strong code reading and writing skills in at least two of TypeScript/Node.js, Python, Go, or Rust
  • Deep knowledge of web and API vulnerability classes beyond OWASP Top 10 trivia
  • Track record building secure-by-default libraries or frameworks other engineers actually adopt
  • Hands-on experience with authn/authz design, multi-tenant data isolation, and secrets/key management at scale
  • Comfort with high-availability data platform realities: real-time pipelines, Postgres, Redis, AWS
  • A clear point of view on AI/LLM security: prompt injection, agent abuse, tool-use sandboxing, model proxy threats
  • Daily user of agentic coding tools

Nice to have

  • Prior LLM red-teaming experience
  • Agent sandbox research
  • Shipping security-focused open-source libraries

Soft skills

Clear communicator who documents decisions and writes tickets engineers want to pick upLifts the team's security awareness without becoming a bottleneckHands-on IC mindset, confident in design reviews

What we offer

  • Medical, dental, and vision insurance
  • Daily lunch, snacks, and beverages
  • Flexible time off
  • Competitive salary and equity
  • Wifi & cellphone stipend

About the company

Braintrust is the AI observability platform. By connecting evals and observability in one workflow, it gives builders the visibility to understand how AI behaves in production and the tools to improve it. Teams at Notion, Stripe, and Vercel use Braintrust to compare models, test prompts, and catch regressions.

Ähnliche Stellen