Application Security Engineer

Job description

About the company Braintrust is the AI observability platform. By connecting evals and observability in one workflow, Braintrust gives builders the visibility to understand how AI behaves in production and the tools to improve it. Teams at Notion, Stripe, Zapier, Vercel, and Ramp use Braintrust to compare models, test prompts, and catch regressions — turning production data into better AI with every release. About the role: We're looking for an Application Security Engineer who lives in the code. Braintrust is a real-time, high-availability data platform that runs in both SaaS and self-hosted environments, with open source libraries embedded inside thousands of customer applications and a model proxy in front of OpenAI, Anthropic, Gemini, and other major model providers. This is a hands-on IC role. You'll review code, build threat models, ship paved-road libraries, and lead AI-specific security work: prompt injection, agent sandbox escapes, tool-use abuse, and the new attack surface that comes with LLM-native applications. If you reach for agentic coding tools as your default workflow and can hold your own in a design review with a backend or systems engineer, we'd love to work wit...