DevSecOps Engineer (TypeScript & Agentic AI)

<div class="content-intro"><h3>About Arize</h3> <p>AI is rapidly transforming the world. As generative AI reshapes industries, teams need powerful ways to monitor, troubleshoot, and optimize their AI systems. That’s where we come in. <strong data-stringify-type="bold">Arize AI is the leading AI &amp; Agent Engineering observability and evaluation platform</strong>, empowering AI engineers to ship high-performing, reliable agents and applications. From first prototype to production scale, Arize AX unifies build, test, and run in a single workspace—so teams can ship faster with confidence.</p> <p>We’re a <strong data-stringify-type="bold">Series C</strong>&nbsp;company backed by top-tier investors,<strong data-stringify-type="bold">&nbsp;</strong>with<strong data-stringify-type="bold">&nbsp;over $135M in funding</strong>&nbsp;and a rapidly growing customer base of&nbsp;<strong data-stringify-type="bold">150+ leading enterprises and Fortune 500 companies.&nbsp;</strong>Customers like&nbsp;<a class="c-link" href="http://booking.com/" target="_blank" data-stringify-link="http://Booking.com" data-sk="tooltip_parent">Booking.com</a>, Uber, Siemens, and PepsiCo leverage Arize to deliver AI that works.</p></div><div id="job-details" class="jobs-box__html-content jobs-description-content__text t-14 t-normal"> <h3><strong>The Opportunity</strong></h3> <p>We're hiring a DevSecOps Engineer to embed security into how we ship software — not as a gate at the end, but as a capability woven through every pipeline, repo, and runtime. You'll work across a TypeScript-heavy stack (Node.js services, Next.js frontends, internal platform tools) and play a central role in how we securely design, deploy, and operate **agentic AI systems** — autonomous and semi-autonomous AI agents that take real actions on behalf of users and engineers.</p> <p>This role is deeply collaborative. You'll spend more time pairing with other departments. If you believe security is best delivered as developer experience, you'll feel at home.</p> <p>We're a small, senior team that prioritizes <strong>collaboration over hierarchy</strong> and <strong>enablement over enforcement</strong>. Security at our company isn't a department people avoid — it's a function people pull into their work because we make it useful. Expect a lot of pairing, frequent design reviews, and a culture where asking "is this secure?" early is celebrated, not punished.We believe the next generation of software will be co-built with AI agents. We want a teammate who is excited to figure out, alongside us, what it means to make that future safe.</p> <h3><strong>What You'll Do:</strong></h3> <ul> <li>Design and implement guardrails for agentic AI workflows — including tool-use sandboxing, prompt-injection defenses, MCP server hardening, secret scoping for agents, and runtime policy enforcement.</li> <li>Build internal tooling in TypeScript: SDKs, CLI utilities, GitHub Actions, custom linters, and developer-facing dashboards that make the secure path the easy path.</li> <li>Threat-model new features alongside product engineers, especially those involving LLM integrations, autonomous agents, or third-party tool calls.</li> <li>Integrate and tune SAST, DAST, SCA, secret scanning, and IaC scanning (Terraform, Kubernetes manifests, Helm) into pull-request workflows with low-friction feedback loops.</li> <li>Lead incident response for security events, coordinating cross-functionally and producing blameless postmortems that improve our systems, not assign blame.</li> <li>Partner with the AI/ML team on responsible deployment of agents — defining what "trusted action" means, what telemetry we need, and how we contain blast radius when an agent misbehaves.</li> <li>Mentor engineers across the org on secure coding patterns in TypeScript and on the unique risks of building with LLMs and agent frameworks.</li> </ul> <h3><strong>What We're Looking For</strong></h3> <ul> <li>4+ years of hands-on experience in DevSecOps, application security, or platform security roles.</li> <li>Strong working knowledge of TypeScript and the Node.js ecosystem.</li> <li>Practical experience securing cloud infrastructure (AWS, GCP, or Azure), containers, and Kubernetes.</li> <li>Fluency with modern CI/CD tooling (GitHub Actions, or similar) and IaC (Terraform, Pulumi).</li> <li>Genuine curiosity about — and ideally hands-on experience with agentic AI systems: LLM tool use, function calling, MCP, agent frameworks (LangGraph, OpenAI Agents SDK, Anthropic SDK, etc.), and the emerging security patterns around them.</li> <li>A collaboration-first mindset. You write clearly, give feedback kindly, and would rather pair on a problem than throw a Jira ticket over the wall.</li> <li>Comfort with ambiguity — the security playbook for agentic systems is being written in real time, and you want to help write it.</li> </ul> <h3>Bonus Points</h3> <ul> <li>Experience with prompt-injection research, LLM red-teaming, or AI safety/evals work.</li> <li>Contributions to open-source, especially in the TypeScript or AI or Security ecosystems.</li> <li>Familiarity with SOC 2, ISO 27001, or similar compliance frameworks — and opinions on how to satisfy them without crushing engineering velocity.</li> <li>Background in incident response or detection engineering at a fast-moving company.</li> </ul> <p>The estimated annual salary for this role is between $150,000 - $200,000, plus a competitive equity package. Actual compensation is determined based upon a variety of job related factors that may include: transferable work experience, skill sets, and qualifications. Total compensation also includes a comprehensive benefit package, including: medical, dental, vision, 401(k) plan, unlimited paid time off, generous parental leave plan, and others for mental and wellness support.</p> <p>While we are a remote-first company, we have opened offices in New York City and the San Francisco Bay Area, as an option for those in those cities who wish to work in-person. For all other employees, there is a WFH monthly stipend to pay for co-working spaces.</p> </div><div class="content-conclusion"><h3>More About Arize</h3> <p>Arize’s mission is to make the world’s AI work—and work for people.<br>Our founders came together through a shared frustration: while investments in AI are growing rapidly across every industry, organizations face a critical challenge—understanding whether AI is performing and how to improve it at scale.</p> <p>Learn more about what we're doing here:</p> <p><a href="https://techcrunch.com/2025/02/20/arize-ai-hopes-it-has-first-mover-advantage-in-ai-observability/">https://techcrunch.com/2025/02/20/arize-ai-hopes-it-has-first-mover-advantage-in-ai-observability/</a></p> <p><a href="https://arize.com/blog/arize-ai-raises-70m-series-c-to-build-the-gold-standard-for-ai-evaluation-observability/">https://arize.com/blog/arize-ai-raises-70m-series-c-to-build-the-gold-standard-for-ai-evaluation-observability/</a></p> <p><strong>Diversity &amp; Inclusion @ Arize</strong></p> <p>Our company's mission is to make AI work and make AI work for the people, we hope to make an impact in bias industry-wide and that's a big motivator for people who work here. We actively hope that individuals contribute to a good culture</p> <ul> <li>Regularly have chats with industry experts, researchers, and ethicists across the ecosystem to advance the use of responsible AI</li> <li>Culturally conscious events such as LGBTQ trivia during pride month</li> <li>We have an active Lady Arizers subgroup</li> </ul></div>