Security Engineer

What we’re building
Respan is building the self-driving observability and evals platform for AI teams, used by 60+ YC companies and hundreds of AI teams.

The role

You will own security at Respan end to end: application security, infrastructure security, cloud and deployment hardening, access control, secrets management, customer data protection, SOC 2 and enterprise security readiness, and the security systems that let our engineering team ship AI gateway, observability, and eval infrastructure safely at high velocity.

What you’ll do:

• Own security across Respan’s full stack, including application code, APIs, cloud infrastructure, internal tools, CI/CD, data flows, and developer workflows.
• Build secure-by-default systems across authentication, authorization, permissions, secrets management, audit logs, encryption, and customer data access patterns.
• Protect sensitive AI and customer data, including logs, traces, eval data, API keys, prompts, model responses, agent workflows, and gateway-level controls.
• Partner directly with engineering to find and fix real risks, including architecture reviews, code/config reviews, vulnerability remediation, GuardDuty issues, and unusual user behavior detection.
• Support enterprise security readiness and internal operations, including SOC 2, customer security reviews, vendor questionnaires, policies, controls, evidence collection, access reviews, onboarding/offboarding, incident response, monitoring, and security documentation.

What you must have:

• 3+ years of experience in security engineering, application security, cloud security, infrastructure security, or DevSecOps
• Strong understanding of web apps, APIs, authentication, authorization, cloud infrastructure, CI/CD, secrets management, encryption, audit logs, and access control
• Strong judgment to identify real security risks across product, infrastructure, and internal workflows
• Clear communicator who can explain security tradeoffs without slowing the team down

Strong plus:

• Experience with SOC 2, compliance readiness, enterprise security reviews, or customer trust documentation
• Experience securing AI/LLM applications, agentic systems, observability, logging, tracing, evals, gateways, or developer tools
• Experience with cloud and infrastructure tools like AWS, GCP, Azure, Vercel, Docker, Kubernetes, Terraform, GitHub Actions, or modern CI/CD
• Experience with incident response, security monitoring, pen testing, or bug bounty programs