About Zamp:

Mission -

Zamp is not a company, we’re a humanity catalyst. We’re on a mission to enable people to move at the speed of thought.

This decade, we’re focused on building digital employees for the future of work, unlocking human creativity at a scale the world has never seen. We work with 50+ top global organizations and banks (including DoorDash, Uber, and Stripe) with billions in revenue. We raised a $22M seed round in 2022 from Sequoia Capital, Dara Khosrowshahi (CEO, Uber), Tony Xu (CEO, DoorDash), and other global leaders.

One aspect of our purpose is to build what we believe to be the world’s best team, passionate, authentic, and relentlessly curious people who want to do their life’s best work, learn as much as possible, and create outsized impact.

Hear more from our founders on our company here.

Role Overview:

Security and trust are foundational to our platform. We’re looking for a Senior Security Engineer to lead our efforts in securing everything from the model to the infrastructure, ensuring that safety and privacy are first-class citizens in the age of AI agents.

As a Senior Security Engineer, you will be responsible for designing, implementing, and continuously improving the security architecture of our platform. You’ll work closely with engineering, product, and infrastructure teams to ensure the secure development and operation of our agentic systems, which interact with sensitive data, APIs, and third-party services. 

Responsibilities:

• Define and implement the overall security strategy for the platform and supporting infrastructure.

• Perform deep dive AppSec assessments (Pentesting, Code Review, AI Security) for complex architectures and applications.

• Secure cloud-native, agentic architectures involving LLMs, APIs, and data pipelines. Integrate secure coding practices and threat modeling into the SSDLC.

• Automate Security wherever possible, including but not limited to building in-house tooling and solving custom business use-cases.

• Conduct security design reviews and code audits across AI and agent workflows. Partner with dev teams to secure APIs, sandboxed agents, and execution environments.

• Design and implement guardrails for autonomous agents to prevent prompt injection, model hallucination risks, or undesired behaviours, including OWASP LLM Top 10 and OWASP Agentic AI Top 10 threats.

• Perform detailed vulnerability analysis to mitigate any identified issues across all charters at a foundational level.

• Re-enforce Cyber Defense tooling and configurations for maximum visibility and action.

• Implement controls for data privacy, PII/PHI masking, tokenization, retention, and deletion. Ensure secure data flows between user input, AI agents, and external systems.

• Contribute to AI risk management frameworks (e.g., model explainability, bias, adversarial robustness).

• Manage network hardening, and secure CI/CD pipelines. Lead vulnerability management, container security, and endpoint protection.

• Own security incident response and forensic readiness.

• Contribute to achieving and maintaining relevant compliance (SOC2, ISO 27001, ISO 42001 etc.). Define and enforce security policies (acceptable use, data classification, access control, etc.). Build security checks into infrastructure-as-code, CI/CD, and agent deployment flows. Use tooling for static analysis, runtime monitoring, DLP, etc.

• Identify and remediate vulnerabilities before they can be exploited in production environments.

• Ensure coverage across APIs, agents, cloud infrastructure, and LLM integrations.

Qualifications:

• 4+ years of experience in security engineering, preferably in fast-paced or startup environments.

• Excellent pen testing and vulnerability analysis skills (not just tool-based or AI-dependent testing but original resilient creative testing as well).

• Excellent automation skills, and a thought process leaning towards in-house/open source tooling instead of jumping to enterprise frameworks.

• Strong understanding of secure software development and common vulnerabilities (e.g., OWASP Top 10, SSRF, LFI, RCE).

• Experience securing LLM pipelines, agents, or machine learning infrastructure (preferred).

• Should have a deep understanding of AI, LLMs and related attack vectors (OWASP TOP 10 LLM and Agentic threats - in detail).

• Deep knowledge of cloud-native security (AWS/GCP), containerisation (Docker/K8s), and DevSecOps.

• Should have a strong ownership mindset about ensuring functional security - not just following a checklist but owning and closing issues above and beyond traditional security roles.

• Experience working with data privacy regulations (GDPR, CCPA) and industry standards (SOC2, ISO).

• Proficiency with tools like Vault, Snyk, Prisma Cloud, Trivy, etc.

• Excellent communication skills and ability to influence security practices across teams.

• Should be comfortable with flexible working hours and maintaining consistent availability for any major/minor incidents.

• MUST HAVE: Big Picture thinking + Detail oriented analysis, creative mindset for identifying and solving issues, initiative (taking on tasks without being asked to), the ability to go the extra mile for every task.

Bonus if You Have:

• Experience securing AI/LLM-based applications or agentic systems. 

• Exposure to red-teaming or adversarial threat modeling for AI workflows. 

• Contributions to open-source security or AI safety projects. 

Our Culture and Benefits: 

At Zamp, we promote a culture of open communication, collaboration, and empowerment. We value transparency, meritocracy, and a strong work ethic. Join our early team and help us build something exceptional. 

Perks: 

• Competitive salaries and stock options with substantial potential upside. 

• Collaborate with top talent. 

• Diverse and inclusive workspace. 

• Comprehensive medical insurance for employees, spouses, and children. 

• A culture celebrating every victory. 

• Continuous learning and skill development opportunities. 

• Enjoy good food, games, and a comfortable office environment.