Principal Security Engineer

About Us

Endor Labs is building the Application Security platform for the software development revolution. Modern software is complex and dependency-rich, making it increasingly difficult to pinpoint the risks that truly matter. Endor Labs solves this challenge by building a call graph of your entire software estate—enabling teams to clearly identify, prioritize, and fix critical risks faster. 

Trusted by companies that are one or one hundred years old, Endor Labs secures code whether it was written by humans or AI, and whether it's 40-year old C++ code or cutting edge Bazel Monorepos. Endor Labs was founded by serial entrepreneurs Varun Badhwar and Dimitri Stiliadis, and is backed by leading VC firms such as Dell Technology Capital, Lightspeed, and Sierra Ventures.

Sound interesting? Let’s talk if you want to be part of the next big leap in security innovation!

About the Role

At Endor Labs, we believe security is a first-class engineering discipline — not a checklist or afterthought. As our first Principal Security Engineer, you’ll define and drive the technical foundation of our security program across our product, infrastructure, and company operations.

This is a hands-on role for a builder who thrives at the intersection of secure architecture, software development, and organizational protection. You’ll work across teams to ensure that everything we do — from how we write code to how we manage employee devices — is secure by design and by default.

We’re not looking for a compliance or policy-focused candidate. We’re looking for someone who’s lived in the dev and infrastructure world and knows how to build a secure, high-growth startup the right way.

Responsibilities

Engineering & Product Security

• Partner with engineering teams to design secure-by-default systems and infrastructure.
• Lead secure SDLC practices, and runtime hardening efforts.
• Shape developer-friendly security standards, patterns, and educational materials.

Organizational Security & Threat Protection

• Own security for corporate infrastructure: identity, email, Slack, SaaS apps, endpoints, and cloud accounts.
• Stand up effective monitoring for external threats (phishing, supply chain, brand impersonation).
• Implement modern DLP strategies across code, data, and AI tooling.
• Define and drive secure usage of GenAI tools across teams, balancing innovation with data safety.
• Lead incident response, from containment to root cause and future-proofing.
• Lead customer engagements on security related topics.

What we’re Looking For

• Hands-on engineer: You’ve written production code, dabbled with infrastructure, and secured modern systems.
• Full-spectrum mindset: You can think like an attacker, protect like an architect, and communicate like a leader.
• Experience with cloud-native stacks (Azure, GCP), endpoint management, identity systems (SSO, MDM), and secure SaaS use.
• Experience securing internal and external AI/ML usage is a major plus.
• Strong understanding of real-world threat models and how to pragmatically reduce risk without slowing velocity.
• Excellent collaborator across engineering, IT, and exec stakeholders.

Why Join Endor Labs?

• Work with a world-class team dedicated to pushing the boundaries of security research.
• Directly influence the security of modern software supply chains.
• A culture that values innovation, collaboration, and continuous learning.
• Competitive compensation, flexible work environment, and a generous benefits package.
• Opportunity to present groundbreaking research and contribute to the global security community.

If you are excited about making a real impact in cybersecurity and shaping the future of software supply chain security, we’d love to hear from you!

Apply now to join our team of world-class security experts!