• Own and mature the product security program, including security review processes, secure development standards, risk prioritization, vulnerability remediation practices, and engineering enablement. • Lead security architecture reviews and secure design initiatives across backend services, web applications, mobile applications, APIs, and remote devices. • Review source code and application architecture to identify security vulnerabilities, insecure patterns, and operational risks. • Partner closely with Engineering, DevOps, QA, Infrastructure, and Product teams to integrate security into the software development lifecycle. • Establish and enforce secure coding standards, development guidelines, and security best practices. • Mentor and guide software engineers on secure development practices and remediation strategies. • Perform threat modeling and risk assessments for new and existing products and infrastructure. • Assist in incident response investigations, root cause analysis, and remediation planning. • Evaluate third-party libraries, frameworks, and dependencies for security and operational risks. • Collaborate with DevOps and Infrastructure teams on cloud security, CI/CD security, secrets management, and system hardening. • Drive vulnerability management efforts, including prioritization, remediation guidance, and validation. • Help define and implement logging, monitoring, and security alerting strategies. • Partner with external security consultants and vendors on penetration testing and security assessments. • Promote a security-first engineering culture across the organization.

Role Description This is the company’s first dedicated security hire. You will define and build the company’s security program from scratch, working directly with a security-minded co-founder. This role spans product security, application security, corporate security, compliance, incident response, and detection. Over time, this person may build and lead the security function. - Own the company’s security posture across product, infrastructure, and internal systems - Lead security reviews, threat modeling, and secure design work - Build foundational security systems such as secrets management, audit logging, vulnerability management, and certificate infrastructure - Drive compliance programs such as SOC 2, ISO 27001, GDPR, and CCPA - Define incident response processes and detection capabilities - Partner closely with engineering to embed security into product development - Help shape security culture across a small, high-caliber team Qualifications - 5+ years of security engineering experience - Strong application security background - Experience with secure SDLC, threat modeling, vulnerability management, and security architecture - Experience contributing to or running security programs - Compliance experience, ideally SOC 2, ISO 27001, GDPR, or similar - Backend or systems engineering fluency; Go experience is a plus - Ability to operate with high ownership in an early-stage environment - Low-ego, collaborative mindset and willingness to wear multiple hats Nice to Have - First or second security hire experience at a startup - Detection engineering experience - Identity, access management, enterprise IT, or security software background - Kubernetes, GCP, cloud security, or infrastructure security experience - Published security research, talks, or open-source security work

• Gestionar el acceso de usuarios, roles y aprovisionamiento utilizando controles de acceso basados en roles

• Designing and implementing runtime security controls that protect inference execution environments against adversarial inputs, model extraction, and unauthorized access • Conducting threat modeling and security assessments of inference serving frameworks, model loading pipelines, and GPU execution environments • Hardening model serving infrastructure including container isolation, runtime sandboxing, and supply chain integrity for model artifacts and dependencies • Developing automated security testing and monitoring for inference workloads to detect anomalous behavior, data exfiltration, and prompt-based attacks • Collaborating with platform and model intelligence teams to establish security standards across the full inference lifecycle from model ingestion to production serving