Senior Security Engineer

Location

San Francisco, CA, New York, NY

Employment Type

Full time

Location Type

On-site

Department

Engineering

About LangChain

At LangChain, our mission is to make intelligent agents ubiquitous. We provide the agent engineering platform and open source frameworks developers need to ship reliable agents fast.

Our open source frameworks, LangChain and LangGraph, see over 90+ million downloads per month and help developers build agents with speed and granular control. LangSmith offers observability, evaluation, and deployment for rapid iteration, enabling teams to transform LLM systems into dependable production experiences.

LangChain is trusted by millions of developers worldwide and powers AI teams at companies like Replit, Clay, Cloudflare, Harvey, Rippling, Vanta, Workday, and more.

About the role

In person 5 days/week in San Francisco, CA or New York, NY

You’ll be the hands‑on security lead embedded with core product teams to secure agentic workloads end‑to‑end, from SDK through LangSmith/Graph services and customer integrations. You’ll define our security roadmap, land immediate hardening wins, and raise the bar on how AI infra is protected in production.

• Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go).
• Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, service‑to‑service auth, and tenant isolation for cloud and self‑hosted customers.
• Ship code & reviews: Land secure designs, write PRs, and introduce lightweight checks (linters, dependency/supply‑chain scanning, SBOM/SLSA provenance).
• Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, least‑privilege IAM, egress controls.
• Incident readiness: Develop IR runbooks, detection rules, and tabletop exercises; lead post‑incident forensics and blameless RCAs.
• Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery.

How to be successful in this role

• 5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus).
• Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies).
• Hands‑on AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multi‑tenant isolation.
• Experience building detection & response and running incident management.
• Familiarity with supply‑chain security (SBOM, sigstore/cosign, SLSA‑style controls) and dependency risk management.
• Clear, pragmatic communication with engineers and customers.

Nice to have

• Security for SaaS + self‑hosted offerings, including air‑gapped deployments.
• Exposure to SOC 2 / ISO 27001 programs and evidence automation.
• Experience with Go services and Infra as Code (Terraform/Helm), plus policy‑as‑code (OPA/Gatekeeper/Kyverno).
• Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping)..

Compensation & Benefits

• We offer competitive compensation that includes base salary, meaningful equity, and benefits such as health and dental coverage, flexible vacation, a 401(k) plan, and life insurance. Actual compensation will vary based on role, level, and location. For team members in the EU and UK, we provide locally competitive benefits aligned with regional norms and regulations.
• Annual salary range: $175,000-$215,000 USD for Senior Engineers