Security Engineer

San Francisco, CA / Charleston, South Carolina / New York, NY
Engineering / Full-Time / Remote
Who we are
We help enterprises unlock the future of AI and realize untapped potential through a thoughtful approach to access, security, and scalability. We’re a growing startup at the forefront of enterprise GenAI infrastructure. We are building a next-generation platform that empowers enterprises to securely adopt and manage advanced AI workflows. We know that successful technology adoption hinges on secure and appropriate access. Our founding team helped shape past technology revolutions — from pioneering secure API Management during the rise of mobile apps to driving enterprise AI adoption across Fortune 100 enterprises.

At the core of all we do is our team. We’re made up of builders, creators, and curious minds, on a mission to make AI safer and more responsible. Just as we are thoughtful about our products, we’re thoughtful about how we build teams and our culture. We believe that with each addition to the team, culture can be enhanced. Take a look at what we value on our About Barndoor page. If this speaks to you, we’d love to hear from you!

How you’ll make an impact
Security is foundational to everything we build. As our core Security Engineer, you will continue to directly shape the architecture, policies, and culture that scale our secure software. The systems you design will enable our customers—enterprises with complex regulatory and operational needs—to safely deploy AI-powered agents at scale. Your work won’t just prevent breaches—it will enable trust, unlock innovation, and differentiate our platform in the market.

What You’ll Be Working On
While all roles have fluidity, here’s a sense of some of what you might work on at any given time.

Core responsibilities of the role include:

Responsibilities

    • Audit and strengthen OAuth 2.0 and OIDC token flows across internal proxies, the control plane, and third-party integrations
    • Identify and mitigate common and emerging threats in delegated authentication workflows
    • Review and co-design REST, WebSocket, and streaming APIs with strong boundaries, secure defaults, and least-privilege access models
    • Help define system boundaries for multi-agent, multi-tenant orchestration
    • Integrate and tune automated CVE, SCA, and IaC scanning tools into CI/CD pipelines
    • Convert security findings into high-signal engineering tickets with practical remediation paths
    • Lead lightweight, iterative threat models for new features and services
    • Define internal security baselines and policies, and mentor others to promote a strong security culture
    • Favor automation-friendly controls over burdensome manual security processes
    • Contribute to compliance initiatives such as SOC 2 and ISO 27001, supporting scalable security programs
    • Leverage deep expertise in OAuth 2.0/OIDC with real-world experience securing authentication flows in production systems
    • Design secure APIs, review system architectures, and implement scalable authentication and authorization models
    • Apply hands-on experience with supply chain and container security tools such as Trivy, Snyk, Grype, and Terraform scanning
    • Demonstrate familiarity with modern identity platforms like Auth0, Okta, and Keycloak, and with Zero Trust models

Requirements

    • 5+ years in application or platform security roles, ideally in high-growth SaaS or cloud-native environments.
    • Deep expertise in OAuth 2.0/OIDC, including real-world experience securing auth flows in production systems.
    • Strong track record designing secure APIs, reviewing system architectures, and implementing scalable authN/authZ models.
    • Hands-on experience with supply chain and container security tools (e.g., Trivy, Snyk, Grype, Terraform scanning).
    • Familiarity with modern identity platforms (Auth0, Okta, Keycloak) or Zero Trust models.
    • Proven success contributing to SOC 2, ISO 27001, and overall compliance programs.
    • Experience working with AI/ML platforms or agent-based architectures.
    • Comfortable collaborating with infrastructure, product, and legal teams to align security priorities with company goals.
    • Passion for mentorship, documentation, and building a strong security culture without over-engineering.

Soft Skills That Matter Here

    • Startup Agility: You thrive in fast-paced, evolving environments and are quick to take initiative without waiting for perfect clarity.
    • Ownership Mentality: You see a gap and step in—you don’t wait to be told what needs securing, you go find it.
    • Collaborative Spirit: You work well across functions—engineering, product, sales, and beyond—to elevate the entire team’s security awareness.
    • Pragmatic Mindset: You balance ideal security outcomes with real-world constraints, always looking for simple, sustainable solutions.
    • Mentorship and Influence: You uplift teammates by sharing knowledge and helping others build security into their everyday thinking.
Travel Requirements
Team connection is an important part of our culture. With a remote-friendly structure, we do require that our team be available to travel for in-person collaboration sessions and meetings. Some roles may have more travel than others. Typical team meetups are every 6-8 weeks; however, this may vary depending on team and business needs. We work to plan out our travel schedules in advance to give as much notice as possible.

Equal Opportunity Employer
We celebrate diversity and are committed to creating an inclusive environment for all employees. We do not discriminate based on race, color, ancestry, national origin, citizenship, religion or creed, sex (including pregnancy, childbirth, and related conditions), sexual orientation, gender identity or expression, age, marital status, veteran status, disability, genetic information, or any other legally protected status. We believe that diverse teams build better products, and we strive to ensure that our hiring, development, and advancement practices are fair, equitable, and welcoming for everyone.