MTS - Security Engineering
About The Position
We’re the makers of Poke.com, a proactive AI agent for everyday life. Interaction is a $300M consumer company backed by $27M from General Catalyst and angels such as Guillermo Rauch (Vercel), Scott Wu (Cognition), Patrick and John Collison (Stripe), Fred Ehrsam (Coinbase), Ken Howery (Co-Founder of PayPal and Founders Fund), and many others. For the last year, our core engineering team has built this entire agent platform from the ground up. Now, traffic and concurrent agent executions are scaling by orders of magnitude. We need engineers to harden infrastructure without slowing down feature velocity. We only care about technical depth, obsession with your craft, and how well you can build alongside us. Our current team is strongly connected and talent-dense, with backgrounds from Jane Street, MIT/Stanford research, and International Olympiads, but we care more about experience building than your pedigree. Poke connects to users' email, calendar, and many other integrations, and takes actions on their behalf. Securing that surface is existential. We hire across many strengths under one title. You are a T-shaped engineer who can navigate the whole stack, but you are uniquely experienced in at least one of these areas: Agent & AI Security: Prompt injection defense, tool use guardrails, sandboxing of untrusted model outputs, and red teaming agentic workflows. Application & Product Security: AuthN/AuthZ, OAuth token and secrets management, secure-by-default API design, and threat modeling features before they ship. Infrastructure & Cloud Security: IAM, network segmentation, workload isolation, and hardening high-concurrency distributed systems under heavy load. Detection & Response: Telemetry pipelines, anomaly detection, incident response, and abuse and fraud prevention at consumer scale. Privacy & Trust: Data minimization, encryption in transit and at rest, compliance foundations (SOC 2, GDPR), and earning user trust through the product itself. We work mostly in Typescript and some Python, but lack of experience in these specific languages is not a deal breaker.
Requirements
- Technical depth.
- Obsession with your craft.
- Experience building systems.
- Ability to navigate the whole stack.
- Unique experience in at least one of the following areas: Agent & AI Security (Prompt injection defense, tool use guardrails, sandboxing of untrusted model outputs, red teaming agentic workflows), Application & Product Security (AuthN/AuthZ, OAuth token and secrets management, secure-by-default API design, threat modeling features), Infrastructure & Cloud Security (IAM, network segmentation, workload isolation, hardening high-concurrency distributed systems), Detection & Response (Telemetry pipelines, anomaly detection, incident response, abuse and fraud prevention), or Privacy & Trust (Data minimization, encryption in transit and at rest, compliance foundations (SOC 2, GDPR)).
- Rigor under pressure; ability to move between infra, product, and debugging.
- Ability to stabilize melting systems while still shipping features.
- Platform thinking.
- Low ego; no important problem is beneath us.
Nice To Haves
- Experience in Typescript and Python (though not a deal breaker).
Responsibilities
- Harden infrastructure without slowing down feature velocity.
- Navigate the whole stack as a T-shaped engineer.
- Specialize in at least one of the following areas: Agent & AI Security, Application & Product Security, Infrastructure & Cloud Security, Detection & Response, or Privacy & Trust.
- Design security primitives, not one-off mitigations.
- Build solutions that solve today's threats while unlocking ten future use cases.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Education Level
No Education Listed
