Lead Application Security Engineer

Lead Application Security Engineer

San Mateo, CA (Hybrid)

Eve is redefining legal technology for plaintiff law firms, and we're building the team that will take us there. We help firms handle more cases, recover more for clients, and grow with AI that works across every stage of a case, from intake through resolution. The next generation of great plaintiff firms will be AI-Native, and Eve is how they get there. But what makes Eve different isn't just the product. It's how we build it. If you're someone who takes ownership, stays curious, and wants to build AI that's already changing how law is practiced, this is where you belong.

As a Security Engineer at Eve, you'll help build the security foundation for an AI-native product used by law firms handling highly sensitive legal and client data. This is a hands-on engineering role for someone who wants to build, not just audit. You'll work directly with product, engineering, infrastructure, and AI teams to make security a practical advantage across the company.

You'll own high-impact security work across application security, cloud infrastructure, identity and access, secure SDLC, vendor risk, AI security, and incident readiness. You'll review designs, write code, build automation, harden systems, and help engineers ship quickly without compromising trust. A key part of the role is staying current with the evolving security landscape, especially AI-enabled offensive and defensive techniques, and translating that judgment into practical roadmap recommendations that keep Eve ahead of emerging risks.

What You'll Do

• Build and scale Eve's product and application security program across design reviews, threat modeling, code review, vulnerability management, and secure deployment.
• Partner with engineering teams to secure AI-native workflows, including data handling, prompt-injection risk, model/tool access, and sensitive legal information flows.
• Track emerging security trends, including red-team AI-based offensive tactics and blue-team AI-based defensive tactics where applicable, and translate them into pragmatic product and engineering roadmap recommendations.
• Develop practical defenses for AI-enabled abuse cases such as prompt injection, model/tool misuse, data exfiltration, unsafe agent behavior, and sensitive legal data exposure.
• Develop internal security tooling and automation for areas like dependency scanning, secrets detection, access review, abuse detection, and security workflow triage.
• Review architecture and product changes for security risks, then help implement pragmatic fixes directly in the codebase when needed.
• Strengthen cloud, infrastructure, and deployment security across identity, permissions, network boundaries, CI/CD, monitoring, and incident response.
• Build security practices that help Eve move faster: clear standards, lightweight processes, reusable libraries, and guardrails that fit how engineers actually work.
• Support compliance and customer trust efforts by helping translate Eve's security posture into clear, accurate technical evidence.
• Stay close to the product and customers so security decisions reflect real user workflows, business needs, and the sensitivity of legal work.

What We're Looking For

• Technical Depth: 5+ years of experience in application security, including significant time spent writing and reviewing code.
• Software Engineering Skills: Proficiency in more than one major coding language. You should be comfortable contributing directly to the codebase.
• Cloud & Containers: Practical experience securing cloud environments (AWS preferred) and a strong understanding of cloud security.
• Systems Thinking: A deep understanding of identity and access management (SAML, OAuth, IAM) and how to protect sensitive data at rest and in transit.
• AI Security Fluency: Awareness of red-team AI-based offensive tactics and blue-team AI-based defensive tactics, with good judgment about where those techniques apply in real products.
• Security Curiosity & Roadmap Ownership: Staying current with the security landscape and turning emerging threats, tools, and defensive patterns into practical quarterly roadmap recommendations.
• Pragmatism: The ability to balance security risks with business velocity. You should be able to propose creative "middle ground" solutions that reduce risk without blocking progress.
• Versatility: A willingness to jump into areas adjacent to traditional AppSec—e.g. data analysis, AI security research, or protecting against prompt injection—to get the job done.

Nice To Have

• Experience securing SaaS products that process sensitive customer data.
• Experience with legal, healthcare, fintech, enterprise SaaS, or other regulated/high-trust environments.
• Experience with Kubernetes, GCP/AWS, TypeScript, Python, Go, or similar production engineering stacks.
• Familiarity with SAML, OAuth, OIDC, RBAC/ABAC, audit logging, data encryption, and enterprise security controls.
• Experience building security programs at a high-growth startup.

Final compensation will be determined based on a variety of factors, including but not limited to relevant experience, skills, interview performance, and the scope and level of the role and candidate.

US Base Salary Range

$195,000 - $300,000 USD

Competitive Salary & Equity 401(k) Program with Employer Matching Health, Dental, Vision and Life Insurance Short Term and Long Term Disability Commuter Benefits* Autonomous Work Environment Workplace Setup Reimbursement Telecomm Stipend Flexible Time Off (FTO) + Holidays Quarterly Team Gatherings In office Perks*

*In office employees only

Eve Legal is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex (including pregnancy, sexual orientation, or gender identity), national origin, age, disability, genetic information, veteran status, or any other characteristic protected by applicable local laws, regulations and ordinances. If you need assistance and/or a reasonable accommodation during the application process, reach out to your recruiter.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.