Founding Security Engineer / Head of Security

The problem we saw Most AI infrastructure is built for batch: send a query, wait, get a response, reset. Powerful, but transactional. AI is becoming interactive, sessions that hold state, models that stay alive between turns, generation that responds as it runs, and the infrastructure to deliver that at scale doesn't really exist yet. The bottleneck isn't the models anymore. It's the infrastructure underneath them. What we're building to fix it uRun is the inference cloud for interactive AI: the compute layer that makes real-time, stateful inference possible at scale. We came out of stealth in April 2026, are backed by top-tier investors, and are founded by Keegan McCallum, former Head of ML Infrastructure at Luma AI. We're an infrastructure company. We build the layer that model labs, builders, and research teams ship on top of. Where you come in You'll be uRun's first dedicated security hire. This is a founding role: you'll own security end-to-end as a hands-on engineer, and as the company and team grow, you'll have the opportunity to build out and lead the function. The problem you're here to solve: build a security foundation worthy of the infrastructure we run. That means hardening a distributed AWS and Kubernetes stack running stateful inference at scale, standing up the compliance program that unlocks enterprise deals, and embedding security into engineering without becoming a blocker. You'll join as we move from stealth to scale, begin enterprise partnerships, and approach our Series A — the point where this work has the most leverage. What you'll actually be doing day-to-day Compliance and risk Own SOC 2 Type II end-to-end: scoping, control design, evidence collection, and audit Drive ISO 27001 and additional frameworks as we scale into enterprise partnerships Stand up and manage compliance automation tooling (Vanta, Drata, or equivalent) Respond to vendor security questionnaires and represent uRun's security posture on customer calls Build and maintain security policies, procedures, and documentation Infrastructure and cloud security Harden our AWS environment: IAM, KMS, secrets management, GuardDuty, CloudTrail, VPC Secure our Kubernetes and EKS stack: container security, RBAC, network policies, runtime controls Embed security into CI/CD pipelines: SAST, dependency scanning, secrets scanning Build detection and response capabilities: alerting, playbooks, and incident response processes Drive vulnerability management end-to-end, from detection through remediation and reporting Partnerships and stakeholders Work directly with engineering to resolve security blockers and unblock partnership deals Manage external auditor relationships and coordinate security reviews Report on security posture and risk to leadership What skills you need for the journey 6+ years in security engineering, including time as a founding or sole security hire, or otherwise owning security with minimal support Proven track record delivering SOC 2 end-to-end as program owner — not just as a contributor Deep AWS experience: IAM, KMS, GuardDuty, CloudTrail, EKS, and Kubernetes security Hands-on with compliance automation tooling: Vanta, Drata, or equivalent Comfortable embedding security into CI/CD: SAST, DAST, secrets scanning, dependency management Strong incident response background: you've handled real incidents and built playbooks from scratch A clear communicator who can represent security to technical and non-technical stakeholders, including customers Able to work PST hours and thrive in a fast-moving, ambiguous environment Things that will give you an edge Familiarity with AI security frameworks: OWASP LLM Top 10, MITRE ATLAS Certifications: AWS Security Specialty, CISSP, CISM, or equivalent Experience securing GPU or ML-inference infrastructure specifically What you'll get in return Competitive salary and meaningful equity in an early-stage AI infrastructure company. The band above is our target; for an exceptional candidate we'll go higher. Equity is real — you're early, and the grant reflects that. Health, dental, and vision — full coverage 401(k) — company-supported retirement savings FSA/HSA — flexible spending accounts for healthcare costs Paid time off — we trust you to manage your time Top-tier tooling — access to the best AI tools available: Claude, Codex, Kimi, and whatever else helps you move faster MacBook Pro and AirPods — the hardware you need, on us How we work (and what that feels like day-to-day) We build the stage, not the show. We're an infrastructure company, a developer-tools company, and a production partner for model labs, and focus is a deliberate choice we've made and hold to. Day-to-day, that means a small team, a high bar, and real ownership. You won't wait for permission or inherit a backlog of someone else's decisions, in a founding security role, the function is what you make it. It also means ambiguity: priorities shift, not everything is documented, and you'll often be the person who decides what "secure enough, for now" means. That suits some people and not others, and we'd rather you know that before you apply. Watch our launch party video Read the manifesto Follow us on LinkedIn Follow us on X Apply To This Job