Location: Remote (U.S. or Canada) Type: US Applicants – Full-Time; Canadian Applicants – Independent Contractor About Human Agency We're scaling rapidly and have a growing pipeline of opportunities that demand exceptional talent across disciplines. Our mission is to bring on individuals, from creative producers to technical experts to entrepreneurial leaders, who can help us realize this next chapter of growth. We are a company of doers. Leaders roll up their sleeves, teams work flat, and everyone contributes to what ships. Titles don't insulate us from feedback or basics. We invite critique, learn quickly, and keep raising the bar. The best ideas win here, no matter where they come from, because clients trust us to deliver the strongest outcomes every time. Our clients' missions, products, and bottom lines are sacred. We immerse ourselves in their world, becoming stewards of their goals and partners in solving big problems. Every product, strategy, or asset we create must be both beautiful and functional; practical, usable, and designed for real-world impact. Humans are our most valuable resource, and we only grow by hiring people who push us forward. Across strategy, engineering, design, data, and operations, we seek out teammates who raise the bar and make us better. Always hire up, never down. We partner with organizations of all sizes to explore, design, and implement AI strategies that are secure, scalable, and human-centered. We believe AI should amplify human potential, not replace it, and we build with that conviction in every engagement. From advisory and tooling to implementation and education, we meet clients where they are and help them integrate AI in ways that align with their mission and values. Our goal is to empower teams to work smarter, move faster, and unlock new possibilities through thoughtful, responsible innovation. And through it all, we lead with purpose, love, and adventure. We do meaningful work with people we care about, and we make the ride an adventure worth taking. Because at Human Agency, who we are and how we work are one and the same. The Opportunity This is not a traditional CISO role. You are not here to maintain a security program. You are here to build the future of security at the frontier where AI systems meet real-world deployment. We're looking for someone who could easily be a CISO at a major company but chooses instead to operate as a builder, operator, and creator. Your job is simple to describe and hard to do: be the person who can answer and solve any security problem we or our clients encounter. Not advise on it. Not escalate it. Solve it. The security playbook for this world doesn't exist yet. You will write it—not as a document, but as working systems that actually protect these environments. This role sits at the intersection of AI agent security, offensive and defensive thinking, product and infrastructure security, and real-world deployment. You will think like a founder, build like an engineer, and operate inside live environments where the stakes are real. What You'll Own - Solve security problems end-to-end. You are the person we call when a client asks a complex or novel security question, when an AI agent system needs hardening in production, or when a new threat vector emerges without a playbook. You don't escalate. You figure it out, build the solution, and deploy it. - Build security systems, not just strategies. You will write production-quality code. Build internal tools, agents, and automations for security. Use tools like Claude Code to rapidly prototype and deploy. Develop monitoring, guardrails, and enforcement systems for AI agents. Turn security concepts into working software that runs in production. - Design security for AI-native systems. Secure multi-agent systems and autonomous workflows. Design protections against prompt injection, model manipulation, and agent abuse. Build systems that audit, constrain, and monitor AI behavior in real time. Define how security actually works in an agent-driven world—these systems are live, not theoretical. - Act as a security founder inside the company. Identify gaps in the security market. Prototype new products and tools. Turn internal capabilities into external offerings. Help define entirely new categories of security. Some of what you build may become standalone products or ventures. - Represent security with clients as a trusted expert. Work directly with clients to answer high-stakes security questions with clarity and authority. Help them deploy AI systems safely. Translate complex risks into actionable decisions. Be as comfortable in front of a client as you are in a terminal. - Operate across digital and physical security where relevant. Think beyond traditional boundaries. Blend cyber and physical security when it matters. Consider real-world attack surfaces, not just digital ones. Design systems that reflect how environments actually operate. Who You Are Experience & Skills - You can write real, production-quality code and have done so recently—not five years ago when you were an IC, but now. You use modern tools like Claude Code to accelerate development and can go from idea to deployed system without waiting on others. - You deeply understand security across infrastructure, applications, and AI systems. You have operated in real production environments at scale, not just designed policies or frameworks. You can threat model anything, even systems that don't have established patterns yet. - You have significant experience in security leadership—CISO, Head of Security, or senior security architect—but you didn't stop building when you got the title. You kept your hands in the work and can still get into the system and solve the problem yourself. - You understand offensive and defensive security, red team and blue team thinking, and how attackers actually operate. You think in terms of real attack surfaces and threat vectors, not compliance checkboxes. - You have built security tooling, automation, or internal security products before. You understand what it takes to go from prototype to production and have done it multiple times. Mindset & Traits - You could take a traditional CISO role tomorrow but don't want to because you want to build, not just manage. You care more about where security is going than where it's been. - You are an operator under uncertainty. You move quickly, test ideas in production, iterate based on reality, and don't wait for perfect information. You are comfortable working without a playbook because you're writing the playbook. - You think in terms of leverage and impact, not just coverage. You see security as a product and a capability—something that enables the business and creates competitive advantage—not a cost center or compliance exercise. - You are a systems thinker who doesn't just solve the immediate issue but understands the broader landscape. You can zoom out to see how threats, systems, and incentives interact. You anticipate problems before they fully emerge. - You are intellectually honest and direct. You tell clients and teammates what they need to hear, not what they want to hear. You have strong opinions, loosely held, and change your mind when presented with better information. - You are energized by ambiguity and building in new territory. The idea of defining security for AI-native systems excites you more than optimizing an existing security program. You want your work to directly shape how this field evolves. Equal Opportunity Commitment Human Agency is an Equal Opportunity Employer. We value diverse perspectives and are committed to building inclusive, high-performing teams where everyone can do their best work.

Location: Remote (U.S. or Canada) Type: US Applicants – Full-Time; Canadian Applicants – Independent Contractor About Human Agency We're scaling rapidly and have a growing pipeline of opportunities that demand exceptional talent across disciplines. Our mission is to bring on individuals, from creative producers to technical experts to entrepreneurial leaders, who can help us realize this next chapter of growth. We are a company of doers. Leaders roll up their sleeves, teams work flat, and everyone contributes to what ships. Titles don't insulate us from feedback or basics. We invite critique, learn quickly, and keep raising the bar. The best ideas win here, no matter where they come from, because clients trust us to deliver the strongest outcomes every time. Our clients' missions, products, and bottom lines are sacred. We immerse ourselves in their world, becoming stewards of their goals and partners in solving big problems. Every product, strategy, or asset we create must be both beautiful and functional; practical, usable, and designed for real-world impact. Humans are our most valuable resource, and we only grow by hiring people who push us forward. Across strategy, engineering, design, data, and operations, we seek out teammates who raise the bar and make us better. Always hire up, never down. We partner with organizations of all sizes to explore, design, and implement AI strategies that are secure, scalable, and human-centered. We believe AI should amplify human potential, not replace it, and we build with that conviction in every engagement. From advisory and tooling to implementation and education, we meet clients where they are and help them integrate AI in ways that align with their mission and values. Our goal is to empower teams to work smarter, move faster, and unlock new possibilities through thoughtful, responsible innovation. And through it all, we lead with purpose, love, and adventure. We do meaningful work with people we care about, and we make the ride an adventure worth taking. Because at Human Agency, who we are and how we work are one and the same. The Opportunity This is not a traditional enterprise CISO role where you inherit a legacy infrastructure, manage a large team, and maintain the status quo. This is a hands-on, entrepreneurial builder role. You are joining at the frontier of AI security — designing systems that don't yet exist, solving problems the industry is only beginning to name, and treating security not as a cost center but as a strategic and commercial advantage. We're deploying AI agents at scale across client environments, building our own AI-powered tools, and advising organizations on how to safely integrate autonomous systems into mission-critical workflows. That creates a unique security mandate: you must secure our internal operations, embed security directly into the AI products we build, and help clients deploy agents safely in regulated, high-stakes environments. You are architect, operator, and evangelist all at once. You'll have the rare opportunity to shape how an entire category of technology gets secured. We're not asking you to retrofit old playbooks onto new problems — we're asking you to write the playbook. If you've been looking for a role where security is core to the product, where you can build things that matter, and where your work influences the broader conversation around AI safety and governance, this is it. What You'll Own Define and execute our security strategy from the ground up. You'll architect our internal security posture across infrastructure, data, and AI systems, establish governance models for how we deploy agents safely, and ensure we're prepared for compliance frameworks like SOC 2, ISO, and potentially FedRAMP as we scale into enterprise and government clients. Build security into AI agent systems as a first-class product feature. You'll design guardrails, monitoring, and policy enforcement for autonomous agents — ensuring they operate within defined boundaries, audit their own actions, and surface anomalies in real time. This isn't theoretical; you'll implement these systems in production environments where they directly impact client outcomes. Develop and potentially commercialize security products. The security tooling you build internally may become standalone offerings. You'll have the latitude to identify what's missing in the market, prototype solutions, and work with our product and engineering teams to turn internal infrastructure into revenue-generating products. Lead incident response, threat modeling, and adversarial testing. You'll build and run red team exercises against our AI systems, model attack vectors that don't yet have names, and develop response frameworks for risks unique to agentic AI — things like prompt injection at scale, model extraction, or adversarial manipulation of agent behavior. Serve as the public face of AI security for Human Agency. You'll represent us in client conversations, partner discussions, and industry forums. You'll publish, speak, and help shape the broader conversation around AI risk, alignment, and governance. If the industry doesn't yet have consensus on how to secure a given AI capability, you'll be one of the people defining it. Deploy and operate security infrastructure hands-on. You'll implement zero-trust architectures, secure multi-agent systems, deploy monitoring and detection tools, and build secure data pipelines. This is not a role where you delegate all technical work — you write code, you configure systems, you debug in production when necessary. Who You Are Experience & Skills - You've served as a CISO, VP of Security, or Head of Security at a high-growth tech company, ideally one building or deploying AI systems at scale. - You have deep, hands-on experience securing AI and machine learning systems — not just theoretical knowledge, but real work protecting LLM architectures, model training pipelines, and inference infrastructure. - You've built and operated cloud-native security programs across AWS, GCP, or Azure, including zero-trust frameworks, identity and access management, and secure multi-tenant architectures. - You understand threat modeling and red teaming deeply, and you've led adversarial exercises against complex systems — ideally including AI-specific attack vectors like prompt injection, model inversion, or data poisoning. - You've designed and implemented security monitoring, incident response, and compliance programs that scale — you know what good looks like at every stage from startup to enterprise readiness. - You have a track record of building or contributing to security products, not just internal programs — something you shipped that customers used, or tooling that became infrastructure for others. Mindset & Traits - You think like a founder. You see security as a competitive advantage and a product opportunity, not just a compliance checkbox. You want to build things, not just manage them. - You are comfortable with ambiguity and energized by unsolved problems. The fact that no one has secured autonomous AI agents at scale yet doesn't intimidate you — it excites you. - You are product-minded and commercially aware. You understand that security decisions have business implications, and you can articulate trade-offs in language that non-security stakeholders understand and respect. - You are technical enough to earn respect from engineers and pragmatic enough to earn trust from clients. You can debug a containerized agent deployment in the morning and present to a CFO in the afternoon. - You are a teacher and a builder of institutional knowledge. You document what you learn, you share what you know, and you leave systems better than you found them. - You care deeply about doing the right thing. You take security seriously because real people and real organizations depend on it, and you hold yourself to the highest standard even when no one is watching. Equal Opportunity Commitment Human Agency is an Equal Opportunity Employer. We value diverse perspectives and are committed to building inclusive, high-performing teams where everyone can do their best work.

• Close collaboration with clients on the planning, implementation and operation of ISMS and compliance frameworks • Conducting gap analyses and deriving and prioritizing remediation measures • Developing and aligning policies, processes, role models, Statements of Applicability (SoA) and supporting evidence • Preparing for and supporting internal and external audits • Translating regulatory requirements into pragmatic, operational models • Regular communication with technical, organizational and management stakeholders

• Build and automate security solutions using Terraform; CI/CD pipelines, and policy-as-code frameworks. • Engineer and implement Secure Service Edge (SSE) capabilities, including internet access and endpoint connectivity using platforms such as Zscaler (ZIA and ZCC). • Own application edge security solutions including WAF, Bot Protection, and CDN capabilities using platforms such as Imperva. • Provide firewall governance and oversight using tools like Netography and Firemon Implement and operate CSPM and workload protection using platforms such as Wiz. • Architect scalable security solutions on AWS, integrating controls into development workflows via GitHub /bitbucket and CI/CD platforms. • Drive adoption of “Security as Code,” developing reusable modules, automation playbooks, and self-service deployment patterns. • Collaborate with DevOps, Platform Engineering, and Application Security teams to embed boundary protection into every layer of the software delivery lifecycle. • Integrate security tools with SIEM/SOAR platforms for centralized monitoring and response • Contribute to security architecture decisions, threat modeling, and risk-based prioritization • Mentor junior engineers and help raise the overall engineering bar within the team.