What we’re building
Respan is building the self-driving observability and evals platform for AI teams, used by 60+ YC companies and hundreds of AI teams.
The role
You will own security at Respan end to end: application security, infrastructure security, cloud and deployment hardening, access control, secrets management, customer data protection, SOC 2 and enterprise security readiness, and the security systems that let our engineering team ship AI gateway, observability, and eval infrastructure safely at high velocity.
What you’ll do:
Own security across Respan’s full stack, including application code, APIs, cloud infrastructure, internal tools, CI/CD, data flows, and developer workflows.
Build secure-by-default systems across authentication, authorization, permissions, secrets management, audit logs, encryption, and customer data access patterns.
Protect sensitive AI and customer data, including logs, traces, eval data, API keys, prompts, model responses, agent workflows, and gateway-level controls.
Partner directly with engineering to find and fix real risks, including architecture reviews, code/config reviews, vulnerability remediation, GuardDuty issues, and unusual user behavior detection.
Support enterprise security readiness and internal operations, including SOC 2, customer security reviews, vendor questionnaires, policies, controls, evidence collection, access reviews, onboarding/offboarding, incident response, monitoring, and security documentation.
What you must have:
3+ years of experience in security engineering, application security, cloud security, infrastructure security, or DevSecOps
Strong understanding of web apps, APIs, authentication, authorization, cloud infrastructure, CI/CD, secrets management, encryption, audit logs, and access control
Strong judgment to identify real security risks across product, infrastructure, and internal workflows
Clear communicator who can explain security tradeoffs without slowing the team down
Strong plus:
Experience with SOC 2, compliance readiness, enterprise security reviews, or customer trust documentation
Experience securing AI/LLM applications, agentic systems, observability, logging, tracing, evals, gateways, or developer tools
Experience with cloud and infrastructure tools like AWS, GCP, Azure, Vercel, Docker, Kubernetes, Terraform, GitHub Actions, or modern CI/CD
Experience with incident response, security monitoring, pen testing, or bug bounty programs