About LangChain
At LangChain, our mission is to make intelligent agents ubiquitous. We build the foundation for agent engineering in the real world, helping developers move from prototypes to production-ready AI agents that teams can rely on. We began as widely adopted open-source tools and have grown to also offer a platform for building, evaluating, deploying, and operating agents at scale.
Today, LangChain, LangGraph, LangSmith, and Agent Builder are used by teams shipping real AI products across startups and large enterprises. Millions of developers trust LangChain to power AI teams at companies like Replit, Clay, Coinbase, Workday, Lyft, Cloudflare, Harvey, Rippling, Vanta, and 35% of the Fortune 500.
With $125M raised at Series B from IVP, Sequoia, Benchmark, CapitalG, and Sapphire Ventures, we’re at a stage where we’re continuing to develop new products, growth is accelerating, and all team members have meaningful impact on what we build and how we work together. LangChain is a place where your contributions can shape how this technology shows up in the real world.
About the role
You’ll be the hands‑on security lead embedded with core product teams to secure agentic workloads end‑to‑end, from SDK through LangSmith/Graph services and customer integrations. You’ll define our security roadmap, land immediate hardening wins, and raise the bar on how AI infra is protected in production. We are looking for engineers who have expertise in cloud/infrastructure security or application security (both is a plus!)
Own product & platform security: Design and drive application/infrastructure security controls across LangSmith, LangGraph, and the LangChain SDK ecosystem (Python/TS/Go).
Secure-by-default authN/Z: Evolve SSO/SAML/OIDC/SCIM, token lifecycles, service‑to‑service auth, and tenant isolation for cloud and self‑hosted customers.
Vuln management: Own scanning/triage/patch SLAs; coordinate with engineering to remediate quickly without slowing delivery.
Ship code, reviews, and tooling: Land secure designs, write PRs, perform penetration testing, and introduce lightweight checks (linters, dependency/supply‑chain scanning, SBOM/SLSA provenance) to enable security at scale.
Hardening & operations: Network segmentation/Zero Trust, Kubernetes posture, secrets management, key rotation, least‑privilege IAM, egress controls
How to be successful in this role
5+ years in security engineering with strong software skills (Python or Go; TypeScript a plus).
Depth in cloud/Kubernetes security (e.g., GCP/AWS IAM, workload identity, admission controls, network policies).
Hands‑on AppSec: code review, threat modeling, secure design, secrets & key management, authn/z patterns, multi‑tenant isolation.
Experience building detection & response and running incident management.
Familiarity with supply‑chain security (SBOM, sigstore/cosign, SLSA‑style controls) and dependency risk management.
Clear, pragmatic communication with engineers and customers.
Nice to have
Security for SaaS + self‑hosted offerings, including air‑gapped deployments.
Proficiency with AI tooling to expedite security reviews
Solid understanding of AI itself, including AI threats, adversarial testing
Exposure to SOC 2 / ISO 27001 programs and evidence automation.
Experience with Go services and Infra as Code (Terraform/Helm), plus policy‑as‑code (OPA/Gatekeeper/Kyverno).
Knowledge of privacy patterns (data minimization, retention, masking, workspace scoping).
Compensation & Benefits
We offer competitive compensation that includes base salary, meaningful equity, and benefits such as health and dental coverage, flexible vacation, a 401(k) plan, and life insurance. Actual compensation will vary based on role, level, and location. For team members in the EU and UK, we provide locally competitive benefits aligned with regional norms and regulations.
Annual salary range: $180,000- $225,000 USD