As a Security Engineer at Eve, you'll help build the security foundation for an AI-native product used by law firms handling highly sensitive legal and client data. This is a hands-on engineering role for someone who wants to build, not just audit. You'll work directly with product, engineering, infrastructure, and AI teams to make security a practical advantage across the company.

You'll own high-impact security work across application security, cloud infrastructure, identity and access, secure SDLC, vendor risk, AI security, and incident readiness. You'll review designs, write code, build automation, harden systems, and help engineers ship quickly without compromising trust. A key part of the role is staying current with the evolving security landscape, especially AI-enabled offensive and defensive techniques, and translating that judgment into practical roadmap recommendations that keep Eve ahead of emerging risks.

What You'll Do

• Build and scale Eve's product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
• Partner with engineering teams to secure AI-native workflows, including data handling, prompt-injection risk, model/tool access, and sensitive legal information flows.
• Track emerging security trends, including red-team AI-based offensive tactics and blue-team AI-based defensive tactics where applicable, and translate them into pragmatic product and engineering roadmap recommendations.
• Develop practical defenses for AI-enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
• Develop internal security tooling and automation for areas like dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
• Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
• Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
• Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
• Support compliance and customer trust efforts by helping translate Eve's security posture into clear, accurate technical evidence.
• Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.

What We're Looking For

• Technical Depth: 5+ years of experience in application security, including significant time spent writing and reviewing code.
• Software Engineering Skills: Proficiency in more than one major coding language. You should be comfortable contributing directly to the codebase.
• Cloud & Containers: Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
• Systems Thinking: A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
• AI Security Fluency: Awareness of red-team AI-based offensive tactics and blue-team AI-based defensive tactics, with good judgment about where those techniques apply in real products.
• Security Curiosity & Roadmap Ownership: Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
• Pragmatism: The ability to balance security risks with business velocity. You should be able to propose creative "middle ground" solutions that reduce risk without blocking progress.
• Versatility: A willingness to jump into areas adjacent to traditional AppSec—e.g. data analysis, AI security research, or protecting against prompt injection—to get the job done.

Nice To Have

• Experience securing SaaS products that process sensitive customer data.
• Experience with legal, healthcare, fintech, enterprise SaaS, or other regulated/high-trust environments.
• Experience with Kubernetes, GCP/AWS, TypeScript, Python, Go, or similar production engineering stacks.
• Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
• Experience building security programs at a high-growth startup.