Pavo

Founding Security Engineer (Application & Infrastructure)

Build the shield that makes Enterprise Superintelligence trustworthy

London / Remote | Full-time | Pavo Labs

About Pavo

Pavo is building Enterprise Superintelligence: compounding systems that take ownership of business outcomes and work with humans to deliver them.

We believe that while foundation models are necessary, they are not sufficient. The hard problem is systems intelligence: end-to-end architectures that understand a company's code, data, and decisions, and improve themselves through experience.

We are assembling a small, senior team of researchers and engineers obsessed with systems-first intelligence. Our current team consists of PhDs and ML engineers from top applied ML and coding agent companies, with a heritage of shipping systems at Spotify, ShareChat, and Sourcegraph scale.

Our team has built impressive momentum with a small group of highly capable engineers and researchers.

The Opportunity

As a Founding Security Engineer, you will help establish the security foundations for Pavo's agentic and knowledge systems. You will help secure autonomous systems that write code, execute tools, and interact with sensitive enterprise data.

This role sits at the bleeding edge of AI Security: you will harden the infrastructure that allows our knowledge and agentic systems to work safely inside Fortune 500 environments. You will build the shield that makes Enterprise Superintelligence trustworthy.

What You'll Build

You will own the holistic security posture of the Pavo platform, spanning Application, AI, and Infrastructure security:

  • AI & Application Security: Lead the defense against LLM-specific vulnerabilities (Prompt Injection, Insecure Output Handling) and standard web threats (OWASP Top 10). You will implement "Guardrails" that sanitize agent inputs/outputs and conduct continuous red-teaming of our agent behaviors.
  • Secure SDLC & DevSecOps: Embed security into our CI/CD pipelines without slowing down our high-velocity engineering team. You will integrate automated SAST/DAST scanning, dependency management (SCA), and secret detection into our daily workflow.
  • Cloud & Infrastructure Hardening: Work closely with Systems Engineers to secure our Kubernetes clusters and compute environments. You will design strict IAM policies (least privilege for agents) and ensure network isolation so that agent execution environments are impenetrable.
  • Vulnerability Management: Own the lifecycle of vulnerability detection and remediation. You will manage bug bounty programs, coordinate third-party pentests, and ensure our open-source dependencies (and the code our agents generate) are secure.
  • Enterprise Trust: Help design features that give our customers confidence, such as audit logging, data residency controls, and rigorous access governance.

What We Are Looking For

We are looking for a security practitioner who is a builder at heart—someone who would rather ship a secure fix than write a policy document.

Core Qualifications

  • Experience: 5+ years of experience in Security Engineering, with a strong focus on Application Security and Cloud Security.
  • AppSec Proficiency: Deep understanding of modern web vulnerabilities (CSRF, SSRF, XSS) and experience utilizing tools like Burp Suite, Semgrep, or CodeQL. You can review code in Python or Go and spot logic flaws that scanners miss.
  • AI Security Curiosity: You understand the unique risks of LLMs. You are familiar with the OWASP Top 10 for LLMs and have explored defenses against prompt injection and data exfiltration in agentic systems.
  • Cloud Native Security: Hands-on experience securing AWS/GCP environments and Kubernetes clusters. You understand container security (capabilities, seccomp, namespaces) and how to secure microservices architectures.
  • Offensive Mindset: You have experience with Red Teaming or CTFs. You know how to think like an attacker to uncover weaknesses in business logic and agent reasoning.

Nice to Have

  • Experience securing execution sandboxes (gVisor, Firecracker, or similar).
  • Background in "Purple Teaming"—collaborating with developers to fix what you break.
  • Contributions to the open-source security community or research on AI safety.
  • Knowledge of compliance frameworks (SOC 2, ISO 27001) in an early-stage startup context.

Why Join Us

  • Founding Equity: Significant ownership in a company tackling the next layer of the AI stack.
  • Frontier Security: Define the security standards for a new category of software—autonomous enterprise agents.
  • World-Class Team: Collaborate with a dense talent cluster of researchers and engineers who have shipped products serving hundreds of millions of users.

Pavo is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.