Senior Security Engineer

At LangChain, our mission is to make intelligent agents ubiquitous. We build the foundation for agent engineering in the real world, helping developers move from prototypes to production-ready AI agents that teams can rely on. We began as widely adopted open-source tools and have grown to also offer a platform for building, evaluating, deploying, and operating agents at scale.

With $125M raised at Series B from IVP, Sequoia, Benchmark, CapitalG, and Sapphire Ventures, we’re at a stage where we’re continuing to develop new products, growth is accelerating, and all team members have meaningful impact on what we build and how we work together. LangChain is a place where your contributions can shape how this technology shows up in the real world.

Today, LangChain, LangGraph, LangSmith, and Fleet are used by teams shipping real AI products across startups and large enterprises. Millions of developers trust LangChain to power AI teams at companies like Replit, Clay, Coinbase, Workday, Lyft, Cloudflare, Harvey, Rippling, Vanta, and 35% of the Fortune 500.

The Security team ensures that while AI moves at breakneck speed, everyone driving the racecar is wearing a seatbelt. We secure LangChain's core platform and protect AI agents from emerging threats. We work across the stack so developers can confidently ship from prototype to production without compromising on safety or privacy.

You’ll be the hands‑on security lead embedded with core product teams to secure agentic workloads end‑to‑end, from SDK through LangSmith/Graph services and customer integrations. You’ll define our security roadmap, land immediate hardening wins, and raise the bar on how AI infra is protected in production. We are looking for engineers who have expertise in cloud/infrastructure security or application security (both is a plus!)

• →

  Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go).

• →

  Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, service‑to‑service auth, and tenant isolation for cloud and self‑hosted customers.

• →

  Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery.

• →

  Ship code, reviews, and tooling: Land secure designs, write PRs, perform penetration testing, and introduce lightweight checks (linters, dependency/supply‑chain scanning, SBOM/SLSA provenance) to enable security at scale.

• →

  Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, least‑privilege IAM, egress controls

• 5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus).

• Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies).

• Hands‑on AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multi‑tenant isolation.

• Experience building detection & response and running incident management.

• Familiarity with supply‑chain security (SBOM, sigstore/cosign, SLSA‑style controls) and dependency risk management.

• Clear, pragmatic communication with engineers and customers.

• Security for SaaS + self‑hosted offerings, including air‑gapped deployments.

• Proficiency with AI tooling to expedite security reviews

• Solid understanding of AI itself, including AI threats, adversarial testing

• Exposure to SOC 2 / ISO 27001 programs and evidence automation.

• Experience with Go services and Infra as Code (Terraform/Helm), plus policy‑as‑code (OPA/Gatekeeper/Kyverno).

• Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping).

• Annual salary range: $180,000- $225,000 USD