Forge · Supply Chain and Logistics

Security Engineer

LLMSF · Mid · Seed

About Forge
Forge (backed by OpenAI and Founders Fund) is creating the next layer of human-computer interaction — combining the intelligence of AI with the reliability of software. We automate the most complex manual processes for the world's largest enterprises using a new English programming language that blends structured control flow with natural language instructions. Processes that once took hours can now be completed in a fraction of the time at superhuman quality.


Forge is now deployed globally, powering critical workflows for Fortune 500 companies with 98%+ quality across half a million production runs.


About the Role
You’ll be Forge’s first dedicated security-focused owner – the person who takes end-to-end ownership of our security posture across the company – in our core product, corporate security, and information security. This isn’t an advisory role. You’ll spend a meaningful portion of your time building: internal tooling, secure-by-default workflows, and a more secure product from the inside out.

We need to move as fast as possible, as securely as possible, and this role is the core of ensuring we can do both at once. We see security as enabling us to move faster.

Forge’s runtime executes complex AI workflows against sensitive enterprise data – financial records, insurance claims, telecom operations – across distributed environments that span our cloud and customer infrastructure. The security surface is broad and genuinely interesting: multi-tenant isolation, data handling pipelines that touch regulated industries, cross-VPC deployment topologies, and a runtime that needs to be auditable at every layer.



Responsibilities

  • Lead product security: threat modeling, secure code review, vulnerability management, and building security into the development lifecycle – not bolting it on after the fact.

  • Build internal security tooling that makes secure-by-default behavior the path of least resistance for the rest of the engineering team. Automate the guardrails so engineers don’t have to think about them.

  • Harden the infrastructure that underpins Forge’s runtime – from multi-tenant isolation and secrets management to network boundaries and data handling pipelines that touch regulated customer environments.

  • Own corporate security programs – while this isn’t the primary identity of the role, you’ll ensure our internal systems and workflows meet the standards our enterprise customers expect.

  • Be the internal voice on security: help the team understand tradeoffs, find paths that satisfy both security and velocity, and communicate clearly with stakeholders at all levels. You’ll build trust by being helpful, not by being a gate.

  • Work closely with our external IT and Security partners, ensuring smooth day-to-day operations and appropriate controls.

  • Own day-to-day compliance programs – including SOC 2 and PCI – as the internal DRI, working closely with our external compliance and audit partners.


You May Be a Good Fit If You Have

  • An engineering background – you were a software engineer first and moved into security. You build things, not just advise on them.

  • 4+ years of experience spanning product security and at least some corporate security or compliance work.

  • Hands-on experience with compliance programs (SOC 2, PCI, or similar) in a fast-moving environment where you couldn’t hide behind process alone.

  • A builder’s orientation toward security tooling – you’d rather write the tool that prevents the mistake than write the policy that forbids it.

  • The soft skills to be a trusted security partner across the company: telling people no with a path forward, finding alternatives that work, and building credibility through helpfulness rather than gatekeeping.

  • Comfort operating as a generalist across product security, corporate security, and security tooling – you don’t need a narrow specialization to do your best work.


Nice to Have

  • Experience securing systems that handle sensitive data in regulated verticals – banking, insurance, fintech, healthcare – where compliance requirements are especially demanding and customers audit you seriously.

  • Familiarity with the security challenges of multi-tenant AI systems: prompt injection, data isolation, output validation, or the broader trust surface of LLM-powered products.

  • Experience with infrastructure security in distributed environments – container orchestration, cross-VPC networking, secrets management at scale, or securing customer-deployed runtimes.

  • Familiarity with managing outsourced IT or vendor relationships.

  • Experience at an early-stage startup where you built security programs from scratch rather than inheriting them.

Forge

This role is based in San Francisco or New York. We work in-person because the pace and density of collaboration matter at our stage. Compensation includes a competitive salary, meaningful equity, and benefits.

Forge

  • We are in-person only in San Francisco, CA or New York City, NY

  • Backed by Founders Fund and OpenAI

  • We’re a tight-knit team that works hard because we believe that the nature of how computers work for people will finally change

  • We have a very talent-dense team: engineers who have built multiple products from 0 to 1 at prior fastest-growing startups, a Financial Services vertical lead at Palantir, a VP of Ops at Scale AI, and multiple past founders.
