AI Application Security Engineer

External

Brainco · San Francisco Bay Area

Full-timeRemote3w ago

Application SecurityCI/CDDocumentationLessMoveSAFe

Cover Letter Connect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

About the role

As our Security Engineer, Application & AI, you will own the security of our products and application layer - secure development practices, agent security, third-party integration security, and data protection for AI products operating in some of the world's most regulated and sensitive environments. This is a hands-on builder role. You will write code, ship security tooling, and work directly with product and ML engineers to build security in from the start rather than bolt it on after. You are expected to work AI-natively: using AI to write threat models, automate security review, scale code analysis, and build internal tooling. This is not a nice-to-have - it is how the role is designed to operate and how one person can have outsized impact across a fast-moving engineering organization. Brain Co.'s products are built on agentic infrastructure - AI that takes actions, calls tools, and operates inside complex institutional workflows. The degree varies by product, but the underlying security surface is consistent: how agents are authorized, what they can touch, and how that is controlled at the application layer. This role is specifically designed to address that surface, working alongside the Infrastructure Security Engineer who owns the platform layer underneath.

Responsibilities

Application Security

Own secure development practices across our products: AuthN/AuthZ patterns, secrets management, input handling, and secure-by-default standards that engineers can follow without security becoming a bottleneck.

Integrate security into the development lifecycle - code review, CI/CD pipelines, and pre-deployment checks - catching risk before it reaches production.

Conduct threat modeling across product features and release cycles, translating risk into concrete controls that ship alongside each product.

Build and maintain security tooling and automated checks that scale your reach across the codebase - using AI to move faster and cover more ground than manual review alone could.

Agent & Integration Security

Own the application-layer security model for Brain Co.'s agentic products - how agents are scoped, what they are authorized to do on behalf of users, and where trust boundaries sit between the agent and the external systems it touches.

Define secure patterns for how agents integrate with third-party systems and APIs: how credentials are stored and scoped, how responses are validated before being acted on, and how each product limits what agents can do with what they get back.

Work directly with product and ML engineers during feature development to define secure agent design patterns: tool scoping, permission boundaries, output validation, and safe handling of user context across multi-step workflows.

Build reusable secure-by-default patterns for agent development - design guidelines, review checklists, and code-level guardrails - so that security standards scale as new agent capabilities are built.

Produce security artifacts for agent features and product deployments: threat models, architecture reviews, and documentation that supports delivery into regulated customer environments.

Data Protection

Define and enforce data protection standards at the application layer - ensuring sensitive customer data (PHI, PII, government records) is handled correctly as it flows through AI pipelines and surfaces in agent outputs.

Build safeguards against unauthorized data exposure across our products: access controls, output filtering, and audit logging that make data handling attributable and reviewable.

Design secure data handling patterns for AI features operating on regulated data, working with platform and ML teams to ensure the application layer upholds its share of the data protection contract.

You Might Be a Great Fit If You...

Have 5+ years of experience in application security or product security, with hands-on experience on production systems at scale.

Are a builder first - you write code and ship security tooling, and see embedding security into the engineering workflow as the job, not a side effect of it.

Have deep fluency in

AI Application Security Engineer

About the role

Responsibilities

Benefits

Additional Information

Your Match

Company Intel

What employees say

Interested in this role?