AI Application Security Engineer at Brainco

ABOUT BRAIN CO. Brain Co. is an applied AI startup co-founded by Jared Kushner and Elad Gil, and backed by leading Silicon Valley builders including Patrick Collison and Andrej Karpathy. We are building AI applications for the world's most important institutions, delivering impact on real-world problems across governments, healthcare systems, and critical industries. Our progress so far: - Automated construction permitting for a sovereign government → 80% faster, unlocking $375M+ in value - Optimized supply chains for a leading global energy company → 30% lower cost, 99% reliability, preventing $100M+ in losses - Streamlined hospital patient care across national health systems → 40% better outcomes, 80% less admin work Company momentum: - Raised a $55M Series A from leading investors - Built a team of 70+ AI experts from Tesla, Google DeepMind, NVIDIA, and Databricks THE ROLE As our Security Engineer, Application & AI, you will own the security of our products and application layer — secure development practices, agent security, third-party integration security, and data protection for AI products operating in some of the world's most regulated and sensitive environments. This is a hands-on builder role. You will write code, ship security tooling, and work directly with product and ML engineers to build security in from the start rather than bolt it on after. You are expected to work AI-natively: using AI to write threat models, automate security review, scale code analysis, and build internal tooling. This is not a nice-to-have — it is how the role is designed to operate and how one person can have outsized impact across a fast-moving engineering organization. Brain Co.'s products are built on agentic infrastructure — AI that takes actions, calls tools, and operates inside complex institutional workflows. The degree varies by product, but the underlying security surface is consistent: how agents are authorized, what they can touch, and how that is controlled at the application layer. This role is specifically designed to address that surface, working alongside the Infrastructure Security Engineer who owns the platform layer underneath. WHAT YOU'LL WORK ON Application Security - Own secure development practices across our products: AuthN/AuthZ patterns, secrets management, input handling, and secure-by-default standards that engineers can follow without security becoming a bottleneck. - Integrate security into the development lifecycle — code review, CI/CD pipelines, and pre-deployment checks — catching risk before it reaches production. - Conduct threat modeling across product features and release cycles, translating risk into concrete controls that ship alongside each product. - Build and maintain security tooling and automated checks that scale your reach across the codebase — using AI to move faster and cover more ground than manual review alone could. Agent & Integration Security - Own the application-layer security model for Brain Co.'s agentic products — how agents are scoped, what they are authorized to do on behalf of users, and where trust boundaries sit between the agent and the external systems it touches. - Define secure patterns for how agents integrate with third-party systems and APIs: how credentials are stored and scoped, how responses are validated before being acted on, and how each product limits what agents can do with what they get back. - Work directly with product and ML engineers during feature development to define secure agent design patterns: tool scoping, permission boundaries, output validation, and safe handling of user context across multi-step workflows. - Build reusable secure-by-default patterns for agent development — design guidelines, review checklists, and code-level guardrails — so that security standards scale as new agent capabilities are built. - Produce security artifacts for agent features and product deployments: threat models, architecture reviews, and documentation that supports delivery into regulated customer environments. Data Protection - Define and enforce data protection standards at the application layer — ensuring sensitive customer data (PHI, PII, government records) is handled correctly as it flows through AI pipelines and surfaces in agent outputs. - Build safeguards against unauthorized data exposure across our products: access controls, output filtering, and audit logging that make data handling attributable and reviewable. - Design secure data handling patterns for AI features operating on regulated data, working with platform and ML teams to ensure the application layer upholds its share of the data protection contract. YOU MIGHT BE A GREAT FIT IF YOU... - Have 5+ years of experience in application security or product security, with hands-on experience on production systems at scale. - Are a builder first — you write code and ship security tooling, and see embedding security into the engineering workflow as the job, not a side effect of it. - Have deep fluency in application security fundamentals: OWASP Top 10, AuthN/AuthZ, secure SDLC, secrets management, secure integration patterns, and cryptography basics. - Understand the security surface of agentic AI across the product layer — how agents should be designed, scoped, and reviewed for risk — and can work shoulder-to-shoulder with engineers to build those standards in. - Have experience protecting sensitive data at the application layer: access controls, audit logging, and preventing data exposure through third-party integrations and AI-generated outputs. - Work AI-natively — you already use AI to write better code, move faster, and do more with less, and you bring that same instinct to security work. - Think in attack surfaces and trust boundaries and can move cleanly from threat model to concrete shipped control. - Are comfortable working alongside delivery teams shipping into regulated industries, understanding their constraints and translating them into product-level security requirements. - Thrive in high-agency environments and want to own and grow the application security function as the company scales. BONUS POINTS FOR - Experience with agent security, LLM application security, or building authorization and guardrail systems for agentic pipelines. - Familiarity with compliance frameworks relevant to government and healthcare: FedRAMP, HIPAA, SOC 2, ISO 27001. - Proficiency in Python, Go, or TypeScript for security tooling and automation. - Experience with SAST/DAST tooling or integrating automated security checks into developer workflows at scale. WHY JOIN US - Define what application and AI security looks like at a company building frontier AI for governments, hospitals, and critical industries — from the ground up. - Work directly alongside product and ML teams shipping agentic AI into some of the world's most demanding institutional environments. - Build the security function AI-natively — using the same technology you're helping secure to scale your own work and impact. - Work alongside senior engineers from Tesla, DeepMind, Databricks, and other top engineering organizations. - Ship fast, learn constantly, and see your work protect production systems used by millions of people. - Earn competitive compensation and meaningful equity in a high-growth company. BENEFITS - Competitive salary plus equity - Daily lunches - Commuter benefits - 401(k) - Medical, Dental, and Vision - Unlimited PTO