Lead Application Security Engineer
About Eve
Eve is redefining legal technology for plaintiff law firms, and we're building the team that will take us there. We help firms handle more cases, recover more for clients, and grow with AI that works across every stage of a case, from intake through resolution. The next generation of great plaintiff firms will be AI-Native, and Eve is how they get there. But what makes Eve different isn't just the product. It's how we build it. If you're someone who takes ownership, stays curious, and wants to build AI that's already changing how law is practiced, this is where you belong.
What You'll Do
- Build and scale Eve's product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
- Partner with engineering teams to secure AI-native workflows, including data handling, prompt-injection risk, model/tool access, and sensitive legal information flows.
- Track emerging security trends, including red-team AI-based offensive tactics and blue-team AI-based defensive tactics where applicable, and translate them into pragmatic product and engineering roadmap recommendations.
- Develop practical defenses for AI-enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
- Develop internal security tooling and automation for areas like dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
- Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
- Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
- Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
- Support compliance and customer trust efforts by helping translate Eve's security posture into clear, accurate technical evidence.
- Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.
Technical Depth
- 5+ years of experience in application security, including significant time spent writing and reviewing code.
- Proficiency in more than one major coding language. Comfortable contributing directly to the codebase.
Cloud & Containers
- Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
Systems Thinking
- A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
AI Security Fluency
- Awareness of red-team AI-based offensive tactics and blue-team AI-based defensive tactics, with good judgment about where those techniques apply in real products.
Security Curiosity & Roadmap Ownership
- Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
Pragmatism
- The ability to balance security risks with business velocity. Ability to propose creative "middle ground" solutions that reduce risk without blocking progress.
Versatility
- A willingness to jump into areas adjacent to traditional AppSec—e.g. data analysis, AI security research, or protecting against prompt injection—to get the job done.
Nice To Have
- Experience securing SaaS products that process sensitive customer data.
- Experience with legal, healthcare, fintech, enterprise SaaS, or other regulated/high-trust environments.
- Experience with Kubernetes, GCP/AWS, TypeScript, Python, Go, or similar production engineering stacks.
- Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
- Experience building security programs at a high-growth startup.
Final compensation
Final compensation will be determined based on a variety of factors, including but not limited to relevant experience, skills, interview performance, and the scope and level of the role and candidate.
Benefits
- Competitive Salary & Equity
- 401(k) Program with Employer Matching
- Health, Dental, Vision and Life Insurance
- Short Term and Long Term Disability
- Commuter Benefits*
- Autonomous Work Environment
- Workplace Setup Reimbursement
- Telecomm Stipend
- Flexible Time Off (FTO) + Holidays
- Quarterly Team Gatherings
- In office Perks*
Equal Opportunity Employer
Eve Legal is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation during the application process, reach out to your recruiter.
Artificial Intelligence (AI) Tools
We may use artificial intelligence (AI) tools to support parts of the hiring process. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.