DevSecOps Engineer (TypeScript & Agentic AI)

The Opportunity

We're hiring a DevSecOps Engineer to embed security into how we ship software — not as a gate at the end, but as a capability woven through every pipeline, repo, and runtime. You'll work across a TypeScript-heavy stack (Node.js services, Next.js frontends, internal platform tools) and play a central role in how we securely design, deploy, and operate **agentic AI systems** — autonomous and semi-autonomous AI agents that take real actions on behalf of users and engineers.

This role is deeply collaborative. You'll spend more time pairing with other departments. If you believe security is best delivered as developer experience, you'll feel at home.

We're a small, senior team that prioritizes collaboration over hierarchy and enablement over enforcement. Security at our company isn't a department people avoid — it's a function people pull into their work because we make it useful. Expect a lot of pairing, frequent design reviews, and a culture where asking "is this secure?" early is celebrated, not punished.We believe the next generation of software will be co-built with AI agents. We want a teammate who is excited to figure out, alongside us, what it means to make that future safe.

What You'll Do:

• Design and implement guardrails for agentic AI workflows — including tool-use sandboxing, prompt-injection defenses, MCP server hardening, secret scoping for agents, and runtime policy enforcement.
• Build internal tooling in TypeScript: SDKs, CLI utilities, GitHub Actions, custom linters, and developer-facing dashboards that make the secure path the easy path.
• Threat-model new features alongside product engineers, especially those involving LLM integrations, autonomous agents, or third-party tool calls.
• Integrate and tune SAST, DAST, SCA, secret scanning, and IaC scanning (Terraform, Kubernetes manifests, Helm) into pull-request workflows with low-friction feedback loops.
• Lead incident response for security events, coordinating cross-functionally and producing blameless postmortems that improve our systems, not assign blame.
• Partner with the AI/ML team on responsible deployment of agents — defining what "trusted action" means, what telemetry we need, and how we contain blast radius when an agent misbehaves.
• Mentor engineers across the org on secure coding patterns in TypeScript and on the unique risks of building with LLMs and agent frameworks.

What We're Looking For

• 4+ years of hands-on experience in DevSecOps, application security, or platform security roles.
• Strong working knowledge of TypeScript and the Node.js ecosystem.
• Practical experience securing cloud infrastructure (AWS, GCP, or Azure), containers, and Kubernetes.
• Fluency with modern CI/CD tooling (GitHub Actions, or similar) and IaC (Terraform, Pulumi).
• Genuine curiosity about — and ideally hands-on experience with agentic AI systems: LLM tool use, function calling, MCP, agent frameworks (LangGraph, OpenAI Agents SDK, Anthropic SDK, etc.), and the emerging security patterns around them.
• A collaboration-first mindset. You write clearly, give feedback kindly, and would rather pair on a problem than throw a Jira ticket over the wall.
• Comfort with ambiguity — the security playbook for agentic systems is being written in real time, and you want to help write it.

Bonus Points

• Experience with prompt-injection research, LLM red-teaming, or AI safety/evals work.
• Contributions to open-source, especially in the TypeScript or AI or Security ecosystems.
• Familiarity with SOC 2, ISO 27001, or similar compliance frameworks — and opinions on how to satisfy them without crushing engineering velocity.
• Background in incident response or detection engineering at a fast-moving company.

The estimated annual salary for this role is between $150,000 - $200,000, plus a competitive equity package. Actual compensation is determined based upon a variety of job related factors that may include: transferable work experience, skill sets, and qualifications. Total compensation also includes a comprehensive benefit package, including: medical, dental, vision, 401(k) plan, unlimited paid time off, generous parental leave plan, and others for mental and wellness support.

While we are a remote-first company, we have opened offices in New York City and the San Francisco Bay Area, as an option for those in those cities who wish to work in-person. For all other employees, there is a WFH monthly stipend to pay for co-working spaces.