Security Engineer

About the Role We are looking for a strong security engineer to join our team at Vals AI. You will be a generalist, handling tasks on both product and corporate security alike. The role will require a high degree of ownership, autonomy, and responsibility, and will provide the opportunity to work on the cutting edge of the AI industry.

We work with all the major foundation model labs, some of the largest financial institutions, and hospital systems in the world. Our work has been featured by the Wall Street Journal, Washington Post, and Bloomberg.

We are building the standard for evaluating the ability of LLMs to perform real-world tasks. You secure the systems that make this possible.

What You’ll Do Overall

Help set security standards and practices across the organization

Conduct internal penetration testing of our product and systems, and work with external penetration testing firms.

Lead incident response activities and investigations into how incidents occurred

Product security

Partner with engineers to embed security into the SDLC, including threat modeling new features, reviewing designs, and providing guidance during development

Establish logging, monitoring, and detection capabilities to catch suspicious activity across both corporate and production environments

Secure cloud infrastructure (AWS), including IAM, security groups, and network isolation and controls

Corporate Security

Secure our physical device fleet, establishing hardened baselines to deploy via MDM

Deploy and tune email security tooling to defend against phising attacks and email spoofing.

Secure corporate network infrastructure, including office networks and VPN/Tailscale

We expect approximately 70% / 30% split between product and corporate security (depending on the needs of the business at any given time).

Requirements:

2+ Years of Experience: Counting only full-time professional experience

Network and Application Security: Experience in designing secure networks, systems, and application architectures

Cloud Security: Knowledge of cloud security best practices, especially relating to AWS services.

Monitoring and Prevention: Expertise in anti-malware software, intrusion detection, firewalls, and content filtering

Risk Assessment: Knowledge of risk assessment tools, technologies, and methods. We are looking for the ability to accurately predict and model likely threats.

IT Security: Including MDMs, EDR systems, DNS filtering, corporate networking, and other security tools.

Programming Experience: You should feel comfortable writing, reviewing, and testing code.

Location: We are an in-person team based in San Francisco. We will support your relocation or transportation as needed.

Nice-to-Haves

Penetration Testing: Prior experience with red-teaming software applications or participating in bug bounties.

Python experience: Python experience will be critical for application-layer security.

Familiarity with the LLMs: It is a bonus if you are already familiar with the industry.

Startup Background: Previous experience working at a startup, or starting your own company

What We Offer

Highly competitive salary and meaningful ownership. Excellence is well rewarded.

Relocation and transportation support

Health/dental insurance coverage

Lunch and dinner provided, free snacks/coffee/drinks

401K plan

Unlimited PTO