Senior Security Engineer

About LangChain

At LangChain, our mission is to make intelligent agents ubiquitous. We help developers build mission-critical AI applications across the entire agent development lifecycle. Our open source frameworks — LangChain and LangGraph — see over 70+ million downloads per month. Developers rely on LangChain for composable integrations and LangGraph for controllable agent orchestration. Our commercial agent platform, consisting of LangSmith and LangGraph Platform, enables teams to build, test, run, and manage agents at scale across their organization.

Founded in 2023, LangChain powers top engineering teams at companies like Replit, Lovable, Clay, Klarna, LinkedIn, and more.

About the role

In person 5 days/week in San Francisco, CA or New York, NY

You’ll be the hands‑on security lead embedded with core product teams to secure agentic workloads end‑to‑end, from SDK through LangSmith/Graph services and customer integrations. You’ll define our security roadmap, land immediate hardening wins, and raise the bar on how AI infra is protected in production.

• Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go).

• Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, service‑to‑service auth, and tenant isolation for cloud and self‑hosted customers.

• Ship code & reviews: Land secure designs, write PRs, and introduce lightweight checks (linters, dependency/supply‑chain scanning, SBOM/SLSA provenance).

• Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, least‑privilege IAM, egress controls.

• Incident readiness: Develop IR runbooks, detection rules, and tabletop exercises; lead post‑incident forensics and blameless RCAs.

• Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery.

How to be successful in this role

• 5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus).

• Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies).

• Hands‑on AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multi‑tenant isolation.

• Experience building detection & response and running incident management.

• Familiarity with supply‑chain security (SBOM, sigstore/cosign, SLSA‑style controls) and dependency risk management.

• Clear, pragmatic communication with engineers and customers.

Nice to have

• Security for SaaS + self‑hosted offerings, including air‑gapped deployments.

• Exposure to SOC 2 / ISO 27001 programs and evidence automation.

• Experience with Go services and Infra as Code (Terraform/Helm), plus policy‑as‑code (OPA/Gatekeeper/Kyverno).

• Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping)..

Compensation & Benefits

• Competitive salary and equity stake for role and stage of company. Commensurate with experience.

• Annual salary range: $175,000-$215,000 USD for Senior Engineers