Senior Security Engineer, Product

Decagon

San Francisco Onsite
$200,000 - $350,000
Full-time
Security Engineer

Job Description

Application Security Engineer

Revolutionize AI Security with Decagon

Decagon is transforming customer experience with our cutting-edge conversational AI platform. We empower brands to deliver concierge-level support across chat, email, and voice, resolving millions of inquiries in any language, at any time. Join us and help secure the future of AI-powered customer interactions.

We're backed by industry leaders like Bain Capital Ventures, Accel, and a16z, and partner with companies like Hertz, Eventbrite, and Duolingo. We’re a fast-paced, in-office team driven by a commitment to excellence and innovation.

The Opportunity

As an Application Security Engineer at Decagon, you'll lead the charge in securing our AI-powered conversational platform. You will be instrumental in building security directly into our AI applications, protecting against sophisticated application-layer threats while maintaining the performance and reliability our customers expect. This is your chance to apply your deep application security expertise to AI systems and shape security practices across a rapidly growing engineering organization.

What You'll Do

Design and implement application security controls across our AI agent platform, including secure coding practices, threat modeling, and vulnerability management.
Collaborate closely with product engineering teams to integrate security throughout the software development lifecycle, from design and coding through PR and deployment.
Establish application security testing programs including static analysis (SAST), dynamic analysis (DAST), and interactive testing (IAST) tailored for AI applications.
Lead security code reviews and architecture assessments for new features, with special focus on AI model integration points and customer data handling.
Build security tooling and automation to enable developers to identify and remediate vulnerabilities quickly while maintaining development velocity.
Respond to security incidents involving application vulnerabilities, coordinating remediation efforts and post-incident improvements.

What You'll Bring

5+ years of hands-on application security engineering experience.
Expertise in secure software development practices, including threat modeling, secure code review, and vulnerability assessment.
Strong software engineering background with the ability to review code across multiple languages and frameworks commonly used in AI/ML applications.
Experience implementing application security testing tools and integrating security into CI/CD pipelines.
Knowledge of OWASP Top 10, common application vulnerabilities, and modern application security frameworks.
Proven track record working with engineering teams to remediate security findings while balancing security and business requirements.

Bonus Points

Experience securing AI/ML applications, including prompt injection, model extraction, and adversarial input protections.
Background with large-scale, multi-tenant SaaS applications handling sensitive customer data.
Familiarity with Google Cloud application security services and container security best practices.
Knowledge of enterprise compliance requirements (SOC 2, ISO 27001, GDPR) from an application security perspective.
Experience with modern security tools like Semgrep, CodeQL, Cursor Bug Bot, XBOW, or similar.

Perks & Benefits

Medical, dental, and vision benefits
Take-what-you-need vacation policy
Daily lunches, dinners and snacks in the office to keep you at your best

Compensation: $240K – $330K + Equity