LangChain, Inc
About LangChain
At LangChain, our mission is to make intelligent agents ubiquitous. We provide the agent engineering platform and open source frameworks developers need to ship reliable agents fast.
Our open source frameworks, LangChain and LangGraph, see over 90+ million downloads per month and help developers build agents with speed and granular control. LangSmith offers observability, evaluation, and deployment for rapid iteration, enabling teams to transform LLM systems into dependable production experiences.
LangChain is trusted by millions of developers worldwide and powers AI teams at companies like Replit, Clay, Cloudflare, Harvey, Rippling, Vanta, Workday, and more.
About the role
In person 5 days/week in San Francisco, CA or New York, NY
You'll be the handson security lead embedded with core product teams to secure agentic workloads endtoend, from SDK through LangSmith/Graph services and customer integrations. You'll define our security roadmap, land immediate hardening wins, and raise the bar on how AI infra is protected in production. Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go). Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, servicetoservice auth, and tenant isolation for cloud and selfhosted customers. Ship code & reviews: Land secure designs, write PRs, and introduce lightweight checks (linters, dependency/supplychain scanning, SBOM/SLSA provenance). Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, leastprivilege IAM, egress controls. Incident readiness: Develop IR runbooks, detection rules, and tabletop exercises; lead postincident forensics and blameless RCAs. Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery. How to be successful in this role
5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus). Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies). Handson AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multitenant isolation. Experience building detection & response and running incident management. Familiarity with supplychain security (SBOM, sigstore/cosign, SLSAstyle controls) and dependency risk management. Clear, pragmatic communication with engineers and customers. Nice to have
Security for SaaS + selfhosted offerings, including airgapped deployments. Exposure to SOC 2 / ISO 27001 programs and evidence automation. Experience with Go services and Infra as Code (Terraform/Helm), plus policyascode (OPA/Gatekeeper/Kyverno). Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping).. Compensation & Benefits
We offer competitive compensation that includes base salary, meaningful equity, and benefits such as health and dental coverage, flexible vacation, a 401(k) plan, and life insurance. Actual compensation will vary based on role, level, and location. For team members in the EU and UK, we provide locally competitive benefits aligned with regional norms and regulations. Annual salary range: $175,000-$215,000 USD for Senior Engineers
At LangChain, our mission is to make intelligent agents ubiquitous. We provide the agent engineering platform and open source frameworks developers need to ship reliable agents fast.
Our open source frameworks, LangChain and LangGraph, see over 90+ million downloads per month and help developers build agents with speed and granular control. LangSmith offers observability, evaluation, and deployment for rapid iteration, enabling teams to transform LLM systems into dependable production experiences.
LangChain is trusted by millions of developers worldwide and powers AI teams at companies like Replit, Clay, Cloudflare, Harvey, Rippling, Vanta, Workday, and more.
About the role
In person 5 days/week in San Francisco, CA or New York, NY
You'll be the handson security lead embedded with core product teams to secure agentic workloads endtoend, from SDK through LangSmith/Graph services and customer integrations. You'll define our security roadmap, land immediate hardening wins, and raise the bar on how AI infra is protected in production. Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go). Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, servicetoservice auth, and tenant isolation for cloud and selfhosted customers. Ship code & reviews: Land secure designs, write PRs, and introduce lightweight checks (linters, dependency/supplychain scanning, SBOM/SLSA provenance). Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, leastprivilege IAM, egress controls. Incident readiness: Develop IR runbooks, detection rules, and tabletop exercises; lead postincident forensics and blameless RCAs. Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery. How to be successful in this role
5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus). Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies). Handson AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multitenant isolation. Experience building detection & response and running incident management. Familiarity with supplychain security (SBOM, sigstore/cosign, SLSAstyle controls) and dependency risk management. Clear, pragmatic communication with engineers and customers. Nice to have
Security for SaaS + selfhosted offerings, including airgapped deployments. Exposure to SOC 2 / ISO 27001 programs and evidence automation. Experience with Go services and Infra as Code (Terraform/Helm), plus policyascode (OPA/Gatekeeper/Kyverno). Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping).. Compensation & Benefits
We offer competitive compensation that includes base salary, meaningful equity, and benefits such as health and dental coverage, flexible vacation, a 401(k) plan, and life insurance. Actual compensation will vary based on role, level, and location. For team members in the EU and UK, we provide locally competitive benefits aligned with regional norms and regulations. Annual salary range: $175,000-$215,000 USD for Senior Engineers