Application Security Engineer (Zürich)

Lakera is hiring its first dedicated Application Security Engineer to partner with Engineering and embed security into every stage of our SDLC.

You will work closely with backend and infrastructure engineers, turn threat models into guardrails, harden our Python services, and make it easy for teams to ship secure code. Your main focus is proactive product security: secure-SDLC integration, automated testing pipelines, and hands-on code guidance. Because we are a lean team you will also help with incident response and audit preparation when required.

If you’re excited by the idea of shaping security strategy at a company working on the frontier of AI security, this is your chance to make outsized impact from day one.

About Lakera

Lakera is on a mission to ensure AI does what we want it to do. We are heading towards a future where AI agents run our businesses and personal lives. Here at Lakera, we're not just dreaming about the future; we're building the security foundation for it. We empower security teams and builders so that their businesses can adopt AI technologies and unleash the next phase of intelligent computing.

We work with Fortune 500 companies, startups, and foundation model providers to protect them and their users from adversarial misalignment. We are also the company behind Gandalf, the world’s most popular AI security game.

Lakera has offices in San Francisco and Zurich.

We move fast and work with intensity. We act as one team but expect everyone to take substantial ownership and accountability. We prioritize transparency at every level and are committed to always raising the bar in everything we do. We promote diversity of thought as we believe that creates the best outcomes.

What You’ll Do

• Integrate Security into the SDLC

  • Integrate and maintain SAST, dependency scanning, and IaC checks in the CI pipeline.

  • Perform threat models and drive secure-by-design patterns with engineers.

  • Run secure code reviews and pair with developers to remediate findings.

• Champion Security

  • Deliver just-in-time training, secure-coding guidelines, and short demos.

  • Build self-service security tooling and templates that reduce friction.

• Cloud & Infrastructure Hardening

  • Review AWS/Kubernetes configurations, IAM policies, and Cloudflare rules.

  • Support infrastructure teams with infrastructure-as-code guardrails.

• Continuous Improvement

  • Track security metrics, drive post-incident reviews, and propose roadmap items.

  • Stay up to date with emerging threats, vulnerabilities, and industry best practices across SaaS, open-source, and cloud environments.

What You’ll Bring

• At least three years in product or application security or a closely related DevSecOps role.

• Hands-on experience securing Python, Node, Go, or similar web applications and APIs.

• Ability to code. Comfortable writing or improving small tools and infrastructure-as-code in Python and Terraform.

• Ability to read and review code, spot vulnerabilities, and communicate fixes clearly.

• Ability to implement SAST, DAST, and CI/CD security controls (GitHub Actions, GitLab CI, or similar).

• Working knowledge of AWS security fundamentals.

• Strong collaboration skills and the ability to influence without authority in a fast-moving startup.

• Excellent communication skills, both verbal and written, enabling clear and effective interactions with internal stakeholders, auditors, and customers.

• Nice to haves:

  • Familiarity with Auth0, OAuth 2 / OIDC flows, and multi-tenant SaaS authentication patterns.

  • Exposure to compliance frameworks such as SOC 2 or ISO 27001 or evidence-collection tooling.

  • Relevant certifications (for example OSCP) or a degree in Computer Science or a related field.

👉 Let's stay connected! Follow us on LinkedIn, Twitter & Instagram to learn more about what is happening at Lakera.

ℹ️ Join us on Momentum, the slack community for AI Safety and Security everything.

❗To remove your information from our recruitment database, please email privacy@lakera.ai.