Jobs · Engineering · California

Platform Engineer, Security

Decagon · San Francisco, CA · 2 wk ago
Engineering$200k–$330k/yrFull-time

About the role

Lead the application security strategy and implementation for Decagon AI's conversational platform that serves enterprise customers at scale. You'll partner with engineering teams to build security directly into our AI-powered applications, ensuring protection against application-layer threats while maintaining the performance and reliability our customers expect.

Responsibilities

  • Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management.
  • Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design, coding, PR, and deployment.
  • Establish application security programs including static analysis (SAST), dynamic analysis (DAST), and interactive sing (IAST) tailored for AI applications.
  • Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling.
  • Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity.
  • Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements.

Requirements

Have 3-5 years of hands-on application security engineering experience.

Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment.

Strong software engineering background with ability to review code across multiple languages and frameworks commonly used in AI/ML applications.

Experience implementing application security sing tools and integrating security into CI/CD pipelines.

Knowledge of OWASP Top 10, common application vulnerabilities, and modern application security frameworks.

Proven track record working with engineering teams to remediate security findings while balancing security and business requirements.

Experience securing AI/ML applications, including prompt injection, model extraction, and adversarial input protections.

Background with large-scale, multi-tenant SaaS applications handling sensitive customer data.

Familiarity with Google Cloud application security services and container security best practices.

Knowledge of enterprise compliance requirements (SOC 2, ISO 27001, GDPR) from an application security perspective.

Experience with modern security tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW, or similar.

Qualifications

Master's degree in Computer Science, Information Security, or related field.

CISSP, CISM, or equivalent certifications preferred.

Skills

Deep understanding of application security principles and practices.

Experience with cloud-based security solutions and container security.

Ability to communicate complex technical concepts to non-technical stakeholders.

Benefits

  • Take what you need vacation policy (subject to local requirements; UK employees receive 25 days of statutory leave)
  • Medical, Dental, and Vision benefits for you and your family
  • Life Insurance and Disability Benefits
  • Retail Plan (e.g., 401K, pension)
  • Parental Leave
  • Fertility and family building benefits through Carrot
  • Daily lunches and snacks in the office to keep you at your best

Similar jobs