← Back to list

Job
Application Security Engineer
Security Engineer
• On-site
• Full-time
• 📍 San Francisco
As an Application Security Engineer, you'll secure Braintrust's real-time data platform, review code, build threat models, and lead AI-specific security work such as prompt injection defenses and agent sandbox escapes.
Responsibilities
- ▹Drive secure design: lead threat models for new features and review architecture proposals
- ▹Review code across TypeScript, Python, and Go services, open source tracing libraries, and the model proxy
- ▹Build the paved road: authn/authz primitives, RBAC and tenancy isolation, secret handling, sandboxed code execution
- ▹Own SAST, DAST, SCA, and secret-scanning tooling end-to-end
- ▹Run the vulnerability management program and triage external bug bounty reports
- ▹Lead AI-specific security work: prompt injection defenses, model proxy abuse detection, agent/tool-use sandboxing, data-exfiltration controls
- ▹Partner with open source maintainers on the security of libraries embedded in customer applications
- ▹Use agentic coding workflows to scale code review, exploit prototyping, and incident triage
Requirements
- ▹5+ years in application security, product security, or backend engineering with a security focus
- ▹Strong code reading and writing skills in at least two of TypeScript/Node.js, Python, Go, or Rust
- ▹Deep knowledge of web and API vulnerability classes beyond OWASP Top 10 trivia
- ▹Track record building secure-by-default libraries or frameworks other engineers actually adopt
- ▹Hands-on experience with authn/authz design, multi-tenant data isolation, and secrets/key management at scale
- ▹Comfort with high-availability data platform realities: real-time pipelines, Postgres, Redis, AWS
- ▹A clear point of view on AI/LLM security: prompt injection, agent abuse, tool-use sandboxing, model proxy threats
- ▹Daily user of agentic coding tools
Nice to have
- ▹Prior LLM red-teaming experience
- ▹Agent sandbox research
- ▹Shipping security-focused open-source libraries
Soft skills
Clear communicator who documents decisions and writes tickets engineers want to pick upLifts the team's security awareness without becoming a bottleneckHands-on IC mindset, confident in design reviews
What we offer
- ▹Medical, dental, and vision insurance
- ▹Daily lunch, snacks, and beverages
- ▹Flexible time off
- ▹Competitive salary and equity
- ▹Wifi & cellphone stipend
About the company
Braintrust is the AI observability platform. By connecting evals and observability in one workflow, it gives builders the visibility to understand how AI behaves in production and the tools to improve it. Teams at Notion, Stripe, and Vercel use Braintrust to compare models, test prompts, and catch regressions.
Similar jobs

Job
Security Engineer, Product Security
Scale AI
AI/ML
+3
$19,800–$24,750/mo
gross
🏢 On-site
🇺🇸 New York +3
🗣️ EN

Job
Senior Security Engineer (Product)
Headway
+4
$18,200–$22,800/mo
gross
🌍 Remote
🇺🇸 New York
🗣️ EN

Job
Staff Engineer - Endpoint security
GitGuardian
+15
💰 Salary: not specified
🏢 On-site
🇫🇷 Paris
🗣️ EN

Job
Security Engineer
GitGuardian
+11
💰 Salary: not specified
🏢 On-site
🇫🇷 Paris
🗣️ EN

Job
Cloud Security Engineer
Hex
+6
$16,667/mo
gross
🌍 Remote
🇺🇸 Remote (US)

Job
Cloud Security Engineer
Braintrust
+2
💰 Salary: not specified
🏢 On-site
🇺🇸 San Francisco
🗣️ EN