Lead Application Security Engineer

About The Position

Requirements

• 5+ years of experience in application security, including significant time spent writing and reviewing code.
• Proficiency in more than one major coding language. You should be comfortable contributing directly to the codebase.
• Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
• A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
• Awareness of red-team AI-based offensive tactics and blue-team AI-based defensive tactics, with good judgment about where those techniques apply in real products.
• Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
• The ability to balance security risks with business velocity. You should be able to propose creative "middle ground" solutions that reduce risk without blocking progress.
• A willingness to jump into areas adjacent to traditional AppSec—e.g. data analysis, AI security research, or protecting against prompt injection—to get the job done.

Nice To Haves

• Experience securing SaaS products that process sensitive customer data.
• Experience with legal, healthcare, fintech, enterprise SaaS, or other regulated/high-trust environments.
• Experience with Kubernetes, GCP/AWS, TypeScript, Python, Go, or similar production engineering stacks.
• Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
• Experience building security programs at a high-growth startup.

Responsibilities

• Build and scale Eve's product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
• Partner with engineering teams to secure AI-native workflows, including data handling, prompt-injection risk, model/tool access, and sensitive legal information flows.
• Track emerging security trends, including red-team AI-based offensive tactics and blue-team AI-based defensive tactics where applicable, and translate them into pragmatic product and engineering roadmap recommendations.
• Develop practical defenses for AI-enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
• Develop internal security tooling and automation for areas like dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
• Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
• Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
• Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
• Support compliance and customer trust efforts by helping translate Eve's security posture into clear, accurate technical evidence.
• Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.

Benefits

• Competitive Salary & Equity
• 401(k) Program with Employer Matching
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Commuter Benefits
• Autonomous Work Environment
• Workplace Setup Reimbursement
• Telecomm Stipend
• Flexible Time Off (FTO) + Holidays
• Quarterly Team Gatherings
• In office Perks