What we're building
Respan is building the self-driving observability and evals platform for AI teams, used by 100+ YC companies and hundreds of AI teams.
The role
You will own security at Respan end to end: application security, infrastructure security, cloud and deployment hardening, access control, secrets management, customer data protection, SOC 2 and enterprise security readiness, and the security systems that let our engineering team ship AI gateway, observability, and eval infrastructure safely at high velocity.
What you'll do
- Own security across Respan's full stack, including application code, APIs, cloud infrastructure, internal tools, CI/CD, data flows, and developer workflows.
- Build secure-by-default systems across authentication, authorization, permissions, secrets management, audit logs, encryption, and customer data access patterns.
- Protect sensitive AI and customer data, including logs, traces, eval data, API keys, prompts, model responses, agent workflows, and gateway-level controls.
- Partner directly with engineering to find and fix real risks, including architecture reviews, code/config reviews, vulnerability remediation, GuardDuty issues, and unusual user behavior detection.
- Support enterprise security readiness and internal operations, including SOC 2, customer security reviews, vendor questionnaires, policies, controls, evidence collection, access reviews, onboarding/offboarding, incident response, monitoring, and security documentation.
What you must have:
- 3+ years of experience in security engineering, application security, cloud security, infrastructure security, or DevSecOps
- Strong understanding of web apps, APIs, authentication, authorization, cloud infrastructure, CI/CD, secrets management, encryption, audit logs, and access control
- Strong judgment to identify real security risks across product, infrastructure, and internal workflows
- Clear communicator who can explain security tradeoffs without slowing the team down
Strong plus:
- Experience with SOC 2, compliance readiness, enterprise security reviews, or customer trust documentation
- Experience securing AI/LLM applications, agentic systems, observability, logging, tracing, evals, gateways, or developer tools
- Experience with cloud and infrastructure tools like AWS, GCP, Azure, Vercel, Docker, Kubernetes, Terraform, GitHub Actions, or modern CI/CD
- Experience with incident response, security monitoring, pen testing, or bug bounty programs
