Founding Enterprise Security Engineer

Harden
Palo Alto, CA
April 22nd, 2026
Overview

Harden is an opinionated DevSecOps layer that secures AI-generated applications by automatically injecting identity controls, network boundaries, and compliance instrumentation prior to deployment. Our focus is on the application and infrastructure layer surrounding AI systems, working alongside foundation model providers who advance model-level safety. We value engineers who can think adversarially about real-world deployments and translate that into resilient, production-grade systems.

The ideal candidate blends enterprise security engineering, backend platform development, and solution architecture. This role requires deep experience with core SaaS security primitives such as SSO, SCIM, and RBAC, along with network isolation and controls aligned with SOC 2, ISO 27001, etc. You will embed these capabilities directly into our automated pipeline and articulate their value in clear, executive-level terms for CISOs.

Prior AI research experience is not required, but you will be expected to learn on the job. Research activities such as authoring white papers and blog posts, devising a novel technique or approach, and learning AI on the job will be required.

Job Location: Onsite preferred, but remote considered for strong candidates in US or Canada.

Comp Range: Between 150-250K depending on experience, plus equity

Core Responsibilities

- Design and implement reusable "security primitives" in Harden (SSO/OIDC integrations, SAML bridges, SCIM provisioning flows, RBAC policy engines, secure session management) that can be automatically injected into customer apps.
- Define and enforce deny-by-default network patterns, surrogate credential schemes, egress allowlists, and secrets isolation for agent code running in customer VPCs.
- Collaborate with backend and platform engineers to build runtime security and observability features (policy evaluation, anomaly detection hooks, SIEM integrations, compliance dashboards) directly into the deployment pipeline.
- Continuously research AI security threats and best practices across MLSecOps, agent security, and AI DevSecOps, and translate them into concrete hardening rules and product features.
- Own threat models for Harden's platform and the AI-generated apps it deploys, focusing on identity, network boundaries, data flows, and AI-specific abuse paths (prompt injection, data exfiltration, agent jailbreaks).

Relevant Experience

- Strong experience in security engineering, product security, or platform security for enterprise SaaS products, ideally with B2B customers that demand SSO, RBAC, and compliance guarantees.
- Hands-on ownership of at least one major identity/tenant feature in production: building SAML/OIDC SSO, SCIM 2.0 provisioning, or a multi-tenant RBAC system, including schema design, enforcement, and audit logging.
- Experience designing secure APIs, services, and infrastructure-as-code.
- Familiarity with cloud-native security (AWS, GCP, or Azure), Kubernetes, and patterns like zero-trust networking, least privilege, secret management, and service-to-service auth.
- Experience with security assessments, threat modeling, and design reviews for complex systems, ideally including authentication/authorization, data segregation, and logging.
- Strong understanding of security and compliance frameworks relevant to enterprise SaaS (SOC 2, ISO 27001, NIST), enough to design features that materially simplify audits.