About Maxim
At Maxim AI, we are building the production infrastructure for AI. Maxim's stack, comprising gateway and governance, observability, and evals, empowers AI teams to ship agents with the reliability and speed required for real-world use.
About the Role
At the heart of this role is Bifrost. Bifrost is the fastest, enterprise-focused AI gateway. It is an open-source, high-performance system written in Go that routes AI traffic across 1000+ models via a single API. Enterprises in financial services, healthcare, government, and more trust Bifrost to handle their most sensitive AI workloads.
Bifrost is deployed directly inside customer infrastructure. That means every security decision we make ships into environments we don't control, across regulated industries with strict compliance requirements. The code has to be hardened before it leaves the door. We're looking for a Security Engineer to own platform security end-to-end: the open-source core, the enterprise features, and everything in between. You'll be embedded with engineering, shipping code and hardening the product, not writing policy documents in a silo.
This is a foundational security hire. You'll shape how security is practiced as Bifrost scales into more enterprise environments, and raise the bar on how AI infrastructure is protected in production.
Responsibilities
- Own platform security end-to-end. You are responsible for the security posture of everything we ship into customer environments. This spans Bifrost's open-source core and all enterprise features. You'll define secure defaults, conduct threat modeling, and ensure the product is hardened before it reaches any customer's infrastructure.
- Secure authentication and authorization. Evolve SSO/SAML/OIDC/SCIM flows, API key and token lifecycles, service-to-service auth, and tenant isolation patterns across diverse customer deployment environments.
- Harden for performance-sensitive deployments. Bifrost adds 20µs of latency at 5000 req/s. Security at this layer has to be invisible and fast. Work with engineering to ensure security controls don't compromise the throughput and latency guarantees customers depend on.
- Vulnerability management. Own scanning, triage, and patch SLAs. Introduce lightweight automated checks (dependency scanning, supply-chain controls, SBOM tracking) into the CI pipeline so issues are caught before code ships.
- Incident response. Build and maintain IR runbooks, detection rules, and alerting. Lead post-incident forensics and blameless retrospectives.
- Compliance. Maintain and strengthen our SOC 2, ISO 27001, GDPR, and HIPAA posture. Drive evidence automation so compliance stays continuous, not a fire drill.
- Ship code and tooling. You're an engineer first. Write PRs, perform security reviews, conduct penetration testing, and build internal tooling that makes secure development the path of least resistance for the entire team.
Tech Stack
- Primary: Go
- Secondary: TypeScript + Next.js
- Infrastructure: Kubernetes, Terraform, cloud-native (AWS/GCP)
- Security tooling: You'll have the autonomy to evaluate and introduce the tools that fit
About You
- You have 3–6 years of experience in security engineering with strong software development skills, ideally in Go or TypeScript.
- You have depth in cloud and Kubernetes security: IAM, workload identity, admission controls, network policies.
- You bring hands-on AppSec experience: threat modeling, secure code review, secrets management, and multi-tenant isolation patterns.
- You've worked with or managed compliance programs like SOC 2 or ISO 27001 and understand how to keep them running without bottlenecking engineering.
- You understand AI-specific security concerns like prompt injection, model data leakage, and adversarial inputs, and have thought about how to defend against them at the gateway layer.
- You've secured high-throughput, latency-sensitive systems (API gateways, proxies, or similar infrastructure).
- You've secured software that gets deployed into customer infrastructure, especially in regulated industries (fintech, healthcare, government) with strict compliance and data residency requirements.
- You enjoy working in early-stage environments where ownership and autonomy are key.
- You communicate clearly and pragmatically. You can explain a threat model to an engineer as easily as to an enterprise customer.
- Above all, you take pride in building security that enables speed rather than slowing it down.
Nice to Haves
- You have experience with infrastructure-as-code (Terraform/Helm) and policy-as-code frameworks (OPA, Kyverno, or similar).
- You've contributed to or maintained an open-source project and understand the security considerations that come with it (CVE handling, responsible disclosure, supply-chain hygiene).
- You've previously worked at or founded a startup.
Compensation & Benefits
At Maxim, we provide competitive compensation – a great salary, robust equity grants, and other perks including health benefits and an AI stipend. Beyond compensation, we constantly strive to build an empowering workplace with a high degree of autonomy, take-charge ownership, and dynamic opportunities for growth, all as Maxim continues to soar!