Key skills
Cloud securityApplication securityKubernetes securityPythonGoTypeScriptVulnerability managementIncident managementSupply-chain securityThreat modelingSecrets managementKey rotationData privacy patternsClear communicationAILangChainLangGraphAWSGCPTerraformKubernetesHelmIAMSAMLSSOSaaSRisk ManagementCommunicationPenetration TestingZero Trust
About this role
LangChain is dedicated to making intelligent agents ubiquitous by providing tools for agent engineering. The Senior Security Engineer will lead security efforts for core product teams, ensuring the security of agentic workloads and defining the security roadmap for various services.
Responsibilities:
- Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go)
- Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, service‑to‑service auth, and tenant isolation for cloud and self‑hosted customers
- Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery
- Ship code, reviews, and tooling: Land secure designs, write PRs, perform penetration testing, and introduce lightweight checks (linters, dependency/supply‑chain scanning, SBOM/SLSA provenance) to enable security at scale
- Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, least‑privilege IAM, egress controls
Requirements:
- 5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus)
- Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies)
- Hands‑on AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multi‑tenant isolation
- Experience building detection & response and running incident management
- Familiarity with supply‑chain security (SBOM, sigstore/cosign, SLSA‑style controls) and dependency risk management
- Clear, pragmatic communication with engineers and customers
- Security for SaaS + self‑hosted offerings, including air‑gapped deployments
- Proficiency with AI tooling to expedite security reviews
- Solid understanding of AI itself, including AI threats, adversarial testing
- Exposure to SOC 2 / ISO 27001 programs and evidence automation
- Experience with Go services and Infra as Code (Terraform/Helm), plus policy‑as‑code (OPA/Gatekeeper/Kyverno)
- Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping)