simular - Security Engineer

• Own application security across our product surface: threat modeling, secure code review, SAST/DAST, dependency and supply-chain hygiene • Harden our cloud and infrastructure: AWS/GCP configuration, Kubernetes, secrets management, network boundaries, CI/CD pipeline security • Build the security foundation for our agent platform: sandboxing, permission boundaries, prompt-injection defenses, data exfiltration controls, and safe tool execution • Partner with engineering and research to bake security into product design from day zero, not bolted on later • Run incident response and lead investigations when things go wrong; build the playbooks so the next one is faster • Drive vendor reviews, customer security questionnaires, and the compliance work needed as we move upmarket (SOC 2, ISO, etc.) • Establish the security culture: lightweight processes, useful tooling, clear ownership; scrappy, not bureaucratic • You might be a fit if • You have a BS/MS in Computer Science or equivalent experience, with 3-6 years in security engineering • You're a strong engineer first: comfortable shipping code in Python, Go, or TypeScript, not just reviewing others' • You have hands-on experience across two or more of: AppSec, cloud security (AWS/GCP), container/Kubernetes hardening, CI/CD security • You understand modern threat models: supply-chain attacks, identity and secrets, web app vulnerabilities, infrastructure misconfiguration • You're genuinely curious about AI and agent security: how prompt injection works, how to sandbox autonomous tool use, how to reason about data flow in agentic systems • You thrive as the first security hire: you can prioritize ruthlessly, build from zero, and earn trust by shipping rather than blocking • Bonus: red-team or offensive security background, experience securing ML/AI pipelines, or prior early-stage startup experience