AI Application Security Engineer

ABOUT BRAIN CO. Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. Our progress so far: - Automated construction permitting for a sovereign government → 80% faster, unlocking $375M+ in value - Optimized supply chains for a leading global energy company → 30% lower cost, 99% reliability, preventing $100M+ in losses - Streamlined hospital patient care across national health systems → 40% better outcomes, 80% less admin work Company momentum: - Raised a $55M Series A from leading investors - Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks THE ROLE As our Security Engineer, Application & AI, you will own the security of our products and application layer — secure development practices, agent security, third-party integration security, and data protection for AI products operating in some of the world's most regulated and sensitive environments. This is a hands-on builder role. You will write code, ship security tooling, and work directly with product and ML engineers to build security in from the start rather than bolt it on after. You are expected to work AI-natively: using AI to write threat models, automate security review, scale code analysis, and build internal tooling. This is not a nice-to-have — it is how the role is designed to operate and how one person can have outsized impact across a fast-moving engineering organization. Brain Co.'s products are built on agentic infrastructure — AI that takes actions, calls tools, and operates inside complex institutional workflows. The degree varies by product, but the underlying security surface is consistent: how agents are authorized, what they can touch, and how that is controlled at the application layer. This role is specifically designed to address that surface, working alongside the Infrastructure Security Engineer who owns the platform layer underneath. WHAT YOU'LL WORK ON Application Security - Own secure development practices across our products: AuthN/AuthZ patterns, secrets management, input handling, and secure-by-default standards that engineers can follow without security becoming a bottleneck. - Integrate security into the development lifecycle — code review, CI/CD pipelines, and pre-deployment checks — catching risk before it reaches production. - Conduct threat modeling across product features and release cycles, translating risk into concrete controls that ship alongside each product. - Build and maintain security tooling and automated checks that scale your reach across the codebase — using AI to move faster and cover more ground than manual review alone could. Agent & Integration Security - Own the application-layer security model for Brain Co.'s agentic products — how agents are scoped, what they are authorized to do on behalf of users, and where trust boundaries sit between the agent and the external systems it touches. - Define secure patterns for how agents integrate with third-party systems and APIs: how credentials are stored and scoped, how responses are validated before being acted on, and how each product limits what agents can do with what they get back. - Work directly with product and ML engineers during feature development to define secure agent design patterns: tool scoping, permission boundaries, output validation, and safe handling of user context across multi-step workflows. - Build reusable secure-by-default patterns for agent development — design guidelines, review checklists, and code-level guardrails — so that security standards scale as new agent capabilities are built. - Produce security artifacts for agent features and product deployments: threat models, architecture reviews, and documentation that supports delivery into regulated customer environments. Data Protection - Define and enforce data protection standards at the application layer — ensuring sensitive customer data (PHI, PII, government records) is handled correctly as it flows through AI pipelines and surfaces in agent outputs. - Build safeguards against unauthorized data exposure across our products: access controls, output filtering, and audit logging that make data handling attributable and reviewable. - Design secure data handling patterns for AI features operating on regulated data, working with platform and ML teams to ensure the application layer upholds its share of the data protection contract. YOU MIGHT BE A GREAT FIT IF YOU... - Have 5+ years of experience in application security or product security, with hands-on experience on production systems at scale. - Are a builder first — you write code and ship security tooling, and see embedding