About the role
We’re looking for an Application Security Engineer to join the ElevenLabs Security team. In this role, you’ll work at the intersection of security and software engineering, building systems and tooling that enable teams to ship secure software at high velocity.
You will:
Design and build application security tooling and guardrails that integrate directly into modern development workflows, including environments that heavily leverage AI-assisted and agentic coding
Partner with Engineering and Infrastructure teams to review application architectures, develop threat models and build in secure by default patterns throughout the software development lifecycle
Identify, prioritise and remediate application security vulnerabilities, working directly with engineers and contributing to fixes where required, across the entire stack.
Ship new security features which directly improve the security posture of our products in production
Design and implement supply chain security controls across build and deployment pipelines, including artefact signing, provenance, dynamic admission controls and SBOM generation
Requirements
Strong software engineering background, with experience building and shipping production systems
Proven track record of building and scaling security programs or developer security tooling from scratch
Fluency in Python and TypeScript with the ability to read, write and maintain production quality codeHands on experience in cloud-native environments (AWS or GCP), Kubernetes, and infrastructure-as-code (Terraform)
Solid understanding of application security, including discovery, exploitation and remediation. You should understand how to prioritise fixes without relying on CVE scores alone
Experience driving real security improvements through technical design, implementation and secure defaults, rather than through policy or manual review alone
Bonus
Experience securing AI or Machine Learning systems, including training pipelines
Background in developer experience or platform engineering, especially building developer tooling
Contributions to open source security projects, published research or talks at security conferences
Experience working in regulated environments (SOC 2, ISO27001, PCI, HIPAA or similar)
Location
This role is remote and can be executed globally. However, to facilitate working with the Security Team, we prefer candidates based in GMT to GMT+3 or UK. If you prefer, you can work from our offices in Dublin, London or Warsaw.
#J-18808-Ljbffr