Security Software Engineer

Thinking Machines Lab's mission is to empower humanity through advancing collaborative general intelligence. We're building a future where everyone has access to the knowledge and tools to make AI work for their unique needs and goals.

We are scientists, engineers, and builders who’ve created some of the most widely used AI products, including ChatGPT and Character.ai, open-weights models like Mistral, as well as popular open source projects like PyTorch, OpenAI Gym, Fairseq, and Segment Anything.

About the Role

We’re looking for a software engineer focused on making our products secure by default while supporting fast and ambitious product iteration. You’ll embed with product and research teams to bake security into design and development and to build tooling and automation that keep systems safe at scale.

What You’ll Do

• Partner with product and research teams to embed security into the development lifecycle: threat modeling, design reviews, and secure defaults for new features.
• Design and implement security controls across our product stack (authentication, authorization, session management, input validation, etc.).
• Build and maintain security tooling and automation for engineers: secure frameworks and templates, CI/CD checks, dependency management, and vulnerability detection.
• Collaborate with researchers to identify and mitigate AI-specific product risks, such as model abuse, prompt injection, data leakage, or misuse of capabilities.
• Improve observability and detection for security-relevant events: access anomalies, abuse patterns, and suspicious behavior in production.

Looking to advance your Cyber Security career with relocation support? Explore Cyber Security Jobs with Relocation Packages that include comprehensive packages to help you move and settle in your new role.

Skills and Qualifications

Minimum qualifications:

• Bachelor’s degree or equivalent experience in computer science, engineering, or similar.
• Proficiency in at least one backend language (we use Python or Rust).
• Strong generalist software engineering background and ability to review production code for security risks.
• Hands-on experience securing web apps and APIs especially auth flows, access control, secrets management, input validation, and data protection.
• Familiarity with common vulnerability classes and prevention frameworks; experience hardening prototypes into production.
• Comfort with modern cloud infrastructure and understanding how application concerns intersect with infrastructure.
• Comfort operating across the stack and owning projects end-to-end.
• Thrive in a highly collaborative environment involving many, different cross-functional partners and subject matter experts.
• A bias for action with a mindset to take initiative to work across different stacks and different teams where you spot the opportunity to make sure something ships.

Preferred qualifications — we encourage you to apply if you meet some but not all of these:

• Experience securing AI‑powered products or working with ML/LLM APIs and their unique threat models.
• Background in human-computer interaction, especially where security or trust plays a central role in the user experience.
• Strong skills in rapid prototyping and iteration, with a habit of turning ad-hoc fixes into reusable patterns and tools.
• Open‑source security work, bug bounty write‑ups, or published tooling.

Logistics

• Location: This role is based in San Francisco, California.
• Compensation: Depending on background, skills and experience, the expected annual salary range for this position is $350,000 - $475,000 USD.
• Visa sponsorship: We sponsor visas. While we can't guarantee success for every candidate or role, if you're the right fit, we're committed to working through the visa process together.
• Benefits: Thinking Machines offers generous health, dental, and vision benefits, unlimited PTO, paid parental leave, and relocation support as needed.