Security Engineer, Agent Security
- Security
- Remote (global)
- Full-time
- Senior (5–8 years)
- Senior
Give every agent an identity, scope its permissions, sandbox the untrusted, and detect privilege escalation before it reaches a client's production system.
What you're signing up for
Agent fleets are a new attack surface: compromised agents, privilege escalation between agents, and opaque tool use that bypasses existing controls. You will own the security discipline we build into client systems — cryptographic agent identity, scoped permissions, read-only sandboxes for untrusted operations, and an append-only audit log nothing can erase. You will also build the detection that flags anomalous agent behavior and cross-agent privilege escalation at the boundary.
The work
- Design the agent identity and permissions model we ship: issuance, rotation, scoping, and revocation across an agent fleet.
- Build sandboxing and guardrails for untrusted agent operations — network, filesystem, and tool access.
- Develop detection for anomalous agent behavior and cross-agent privilege escalation.
- Own the append-only audit trail: tamper-evidence, retention, and query performance.
- Run threat modeling and red-team exercises against the agent systems we build, and turn findings into shipped controls.
You bring
- 5+ years in application or infrastructure security, with production ownership of a security-critical system.
- Deep understanding of authn/authz, capability-based security, and sandboxing techniques.
- Strong coding ability in Python, Go, or Rust — you build controls, you do not just review them.
- Experience with threat modeling and translating it into concrete, testable guardrails.
- Clear written communication; you can explain a risk to an engineer and an executive.
Bonus signal
- Experience securing LLM or agent systems (prompt-injection defense, tool sandboxing).
- Familiarity with cryptographic identity systems (SPIFFE/SPIRE, mTLS, signed attestations).
- Background in detection engineering or anomaly detection on telemetry streams.
What you'll work with
What we offer
- Competitive salary and equity.
- Fully remote, async-first culture.
- Conference and certification budget.
- Hardware budget and home-office stipend.
How we interview
A short application, a 30-minute intro call, one focused technical session on a real problem, and a fast decision. No trick questions, no whiteboard theater.
Apply for Security Engineer, Agent Security.
No cover-letter theater. A few fields, your résumé, and links to work that shows how you think. A real engineer reads every application.
There may be a better surface for you.
Browse the rest of the open roles, or tell us what you actually want to build.