Lead Application Security Engineer

Security Engineer at Eve:
Build the security foundation for an AI‑native product that handles highly sensitive legal and client data. You will work directly with product, engineering, infrastructure, and AI teams to make security a practical advantage across the company.

• Build and scale the product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
• Partner with engineering teams to secure AI‑native workflows, including data handling, prompt‑injection risk, model/tool access, and sensitive legal information flows.
• Track emerging security trends, including AI‑based red‑team and blue‑team tactics, and translate them into pragmatic product and engineering roadmap recommendations.
• Develop practical defenses for AI‑enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
• Develop internal security tooling and automation for dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
• Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
• Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
• Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
• Support compliance and customer trust efforts by translating Eve’s security posture into clear, accurate technical evidence.
• Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.

• 5+ years of experience in application security, with significant time writing and reviewing code.
• Proficiency in more than one major coding language; comfortable contributing directly to the codebase.
• Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
• Deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
• Awareness of AI‑based red‑team and blue‑team tactics, with good judgment about applying them in real products.
• Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
• Ability to balance security risks with business velocity; propose creative “middle ground” solutions that reduce risk without blocking progress.
• A willingness to jump into adjacent areas such as data analysis, AI security research, or protecting against prompt injection to get the job done.

• Experience securing SaaS products that process sensitive customer data.
• Experience in regulated or high‑trust environments such as legal, healthcare, fintech, or enterprise SaaS.
• Experience with Kubernetes, GCP, or other production engineering stacks (Type Script, Python, Go).
• Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
• Experience building security programs at a high‑growth startup.

US Base Salary Range: $195,000 – $300,000 USD

• Competitive Salary & Equity
• 401(k) Program with Employer Matching
• Health, Dental, Vision and Life Insurance
• Short Term and Long Term Disability
• Commuter Benefits
• Autonomous Work Environment
• Workplace Setup Reimbursement
• Telecommute Stipend
• Flexible Time Off (FTO) + Holidays
• Quarterly Team Gatherings
• In‑office Perks for On‑site Employees

Eve Legal is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable local laws, regulations, and ordinances.