DevSecOps Engineer (TypeScript & Agentic AI)

About Arize

AI is rapidly transforming the world. As generative AI reshapes industries, teams need powerful ways to monitor, troubleshoot, and optimize their AI systems. That’s where we come in. Arize AI is the leading AI & Agent Engineering observability and evaluation platform, empowering AI engineers to ship high-performing, reliable agents and applications. From first prototype to production scale, Arize AX unifies build, test, and run in a single workspace—so teams can ship faster with confidence.

We’re a Series C company backed by top-tier investors, with over $135M in funding and a rapidly growing customer base of 150+ leading enterprises and Fortune 500 companies. Customers like Booking.com, Uber, Siemens, and PepsiCo leverage Arize to deliver AI that works.

The Opportunity

We're hiring a DevSecOps Engineer to embed security into how we ship software — not as a gate at the end, but as a capability woven through every pipeline, repo, and runtime. You'll work across a TypeScript-heavy stack (Node.js services, Next.js frontends, internal platform tools) and play a central role in how we securely design, deploy, and operate agentic AI systems — autonomous and semi-autonomous AI agents that take real actions on behalf of users and engineers.

This role is deeply collaborative. You'll spend more time pairing with other departments. If you believe security is best delivered as developer experience, you'll feel at home.

We're a small, senior team that prioritizes collaboration over hierarchy and enablement over enforcement. Security at our company isn't a department people avoid — it's a function people pull into their work because we make it useful. Expect a lot of pairing, frequent design reviews, and a culture where asking "is this secure?" early is celebrated, not punished. We believe the next generation of software will be co-built with AI agents. We want a teammate who is excited to figure out, alongside us, what it means to make that future safe.

What You'll Do:

• Design and implement guardrails for agentic AI workflows — including tool-use sandboxing, prompt-injection defenses, MCP server hardening, secret scoping for agents, and runtime policy enforcement.
• Build internal tooling in TypeScript: SDKs, CLI utilities, GitHub Actions, custom linters, and developer-facing dashboards that make the secure path the easy path.
• Threat-model new features alongside product engineers, especially those involving LLM integrations, autonomous agents, or third-party tool calls.
• Integrate and tune SAST, DAST, SCA, secret scanning, and IaC scanning (Terraform, Kubernetes manifests, Helm) into pull-request workflows with low-friction feedback loops.
• Lead incident response for security events, coordinating cross-functionally and producing blameless postmortems that improve our systems, not assign blame.
• Partner with the AI/ML team on responsible deployment of agents — defining what "trusted action" means, what telemetry we need, and how we contain blast radius when an agent misbehaves.
• Mentor engineers across the org on secure coding patterns in TypeScript and on the unique risks of building with LLMs and agent frameworks.

What We're Looking For

• 4+ years of hands-on experience in DevSecOps, application security, or platform security