You have opted out of job matches in .
To undo this, go to the 'Skills and Interests' section of your preferences.
Shared by 
about 2 months ago
Requirements and responsibilities
About the roleAI is transforming how every company operates, but most enterprises are stuck. They want to move fast with AI agents, tools, and workflows, but they can't do it safely. Runlayer is fixing that. Our team built AI Actions for OpenAI, shipped Zapier Agents to millions of users, and launched the first remote MCP server with Anthropic. The co-creator of MCP is on our cap table. We helped establish the protocol, and now we're building the platform enterprises need to actually use it.Runlayer is one platform for MCPs, Skills, and Agents—purpose-built security, fine-grained governance, and complete observability so organizations can push AI forward across the entire company without the risk.As our second Security Engineer, you'll build the security scanning and detection products that protect enterprise AI. You own the Runlayer Watch products (static and dynamic scanning), shadow detection of unregistered agents and servers, and AppSec for the platform itself.Why You'll Thrive HereImpact: Build the security layer for the AI agent infrastructure category, directly shaping how enterprises adopt AI safelyExcellence: Work alongside founders from Zapier's AI team and a team of senior engineers from top cyber backgroundsOwnership: Own detection products end-to-end, from threat modeling through shipped featuresWhat You'll DoBuild and improve Watch products: static and dynamic scanning for MCP servers, skills, plugins, and agent behavior detection on endpointsDevelop shadow detection: identify unregistered MCP servers, skills, plugins, and agents running outside governance across the enterpriseOwn AppSec for the platform: penetration testing, vulnerability management, dependency scanning, and security hardening of the control planeBuild automated version scanning: CI/CD-integrated security checks that run on each new MCP server version, skill update, or plugin releaseExtend detection coverage to CLI agents (Codex, OpenCode) and browser-based agentsWhat We're Looking For8+ years in security engineering with deep experience in application security, security tooling development, or endpoint detectionBuilder, not operator. You've created scanning or detection systems: parsers, rule engines, analysis pipelines.Experience with shadow IT detection, asset discovery, or endpoint monitoring in enterprise environmentsStrong Python skills (our scanning pipeline and platform backend are Python/FastAPI)Understanding of API and gateway attack patterns: SSRF, token theft, injection, supply-chain attacksAwareness of emerging AI/LLM security threats: prompt injection, tool poisoning, jailbreaking, indirect prompt injection through tool responsesBonus QualificationsExperience with MCP, AI agents, or LLM security specificallyBackground in building commercial security products (not just internal tooling)Network in enterprise security (SVCI, Israeli security community, etc.)What We OfferCompetitive salary and equity — compensation that reflects your expertise and customer-facing responsibilities.Paid time off — 4 weeks paid vacation, paid sick leave, and paid parental leave.Professional development — budget for conferences, courses, and certifications in AI, enterprise software, and customer success.Top-tier equipment — your choice of laptop and accessories to create your ideal work environment.Health benefits — comprehensive health, dental, and vision coverage.Customer interaction opportunities — work directly with innovative companies and see the immediate impact of your work.Not quite the right fit? Reach out to careers@runlayer.com with details about your experience and interests.
Optionally, you can add more information later (benefits, pre-screening questions, etc.)