AI Security Architect

Emergent builds autonomous coding agents that replace traditional software development by generating, testing, and deploying production applications directly from plain-language intent. Our systems run in production at global scale and are used to build millions of real applications.

Since public launch, Emergent has reached $100M ARR in 8 months. 6M+ users across 190+ countries have built 6.5M+ applications on Emergent. We've raised $100M+, backed by Khosla Ventures, SoftBank, Google, Lightspeed, Prosus, Together, and Y Combinator.

We're solving the hard part of AI-driven software creation: correctness, reliability, security, and scale in real production systems. The team is built by repeat founders, Olympiad medalists, IIT & IIM alumni, and leaders from Google, Amazon, and Dropbox.

We're hiring builders who want ownership, speed, and impact at global scale.

• →Secure the AI-native stack end to end: design, implement, and continuously improve security controls across AI agent pipelines, multi-tenant cloud infrastructure, APIs, and user-generated application environments
• →Lead threat modelling and attack surface analysis: proactively identify risks in new product features, infrastructure changes, and AI-generated code patterns. Catch vulnerabilities at design time, not after deployment
• →Build and own vulnerability management: run automated security scans (SAST, DAST, SCA), triage findings by exploitability and impact, drive remediation, and track resolution to closure
• →Harden AI-generated application environments: define and enforce sandboxing strategies, code execution boundaries, secret handling standards, and runtime security controls
• →Drive security in the SDLC: embed security tooling and review gates into CI/CD pipelines, champion secure coding practices, conduct code reviews, and run internal red-teaming exercises
• →Detect, respond, and learn: build detection coverage using cloud-native logging and SIEM tooling. Lead incident response, triage, contain, eradicate, and produce clear post-mortems
• →Own compliance and trust: maintain and mature security posture against SOC 2, ISO 27001, and cloud security benchmarks. Serve as technical point of contact for customer security reviews

• 8 to 12 years of hands-on security engineering experience in a fast-moving product or cloud environment
• Strong application security foundation, able to read code (Python, JS/TS, SQL), identify vulnerabilities (OWASP Top 10, injection, auth flaws), and drive fixes with engineering teams
• Solid cloud security experience across AWS, GCP, or Azure including IAM, network security groups, secrets management, and container security (Docker, Kubernetes)
• Experience with SAST, DAST, SCA, secret scanning, and CSPM tooling across the development lifecycle
• Incident response experience with structured response from detection to post-mortem
• Excellent written and verbal communication, able to explain a critical vulnerability to a non-technical founder and a detailed CVE to a senior engineer
• High ownership mindset: you see a gap and close it

• Experience securing AI/ML systems including model APIs, prompt injection risks, LLM output validation, and multi-tenant AI inference
• Familiarity with sandboxed code execution environments or container escape scenarios
• Hands-on red teaming or penetration testing experience
• Compliance background: SOC 2 Type II, ISO 27001, GDPR and data privacy
• Prior experience at a high-growth startup or infrastructure-heavy product company

• Not a compliance-only or checkbox security role
• Not removed from engineering, you'll be deep in code, PRs, and architecture discussions
• Not slow-moving, we ship fast and you'll need to keep pace while raising the security bar