Security Engineer - Member of Technical Staff

Palo Alto; New York

Full time

On-site

Engineering

Pilots don’t train with real passengers. Surgeons don’t practice on real people. Yet, the most consequential decisions in society are often pushed straight to production.

Simile is changing that. We have built the first AI simulation of society, populated by generative agents based on real humans. Our research pioneered the field of AI-based simulation, proving it is possible to model human behavior with high accuracy. Today, we are developing a Foundation Model to predict human behavior in any situation, at any scale.

We are backed by $100M in funding led by Index Ventures, with participation from Hanabi, A*, Bain Capital Ventures, and AI visionaries including Andrej Karpathy, Fei-Fei Li, Adam D’Angelo, and Guillermo Rauch.

The Security team is the guardian of our simulation’s integrity. We ensure that as we model human society, we do so with uncompromising privacy and world-class defenses. We operate at the intersection of application security, AI safety, and enterprise-grade privacy to protect our foundation models and our customers' most sensitive data.

We organize our work into three core pillars:

• Application Security: Partnering with engineers to "shift left," conducting threat models and secure design reviews to catch vulnerabilities before they reach production.

• Product and AI/ML Security: Defending our generative agents against emerging threats like prompt injection, data poisoning, and model extraction.

• Infrastructure & Compliance: Hardening our multi-cloud footprint (AWS/GCP) and automating identity management (SAML/SCIM) to maintain SOC2 and HIPAA standards.

We are looking for a Security Engineer who thrives on securing novel AI products. You will own the security roadmap, ensuring our platform is resilient, compliant, and stays ahead of an ever-evolving threat landscape.

• Customer Security & Trust: Partner with our largest enterprise customers to navigate the procurement process , leading technical discussions regarding security agreements, providing comprehensive posture overviews, and ensuring alignment on rigorous data handling requirements

• Lead Secure Design: Conduct threat modeling and secure design reviews for new features, ensuring security is a core consideration from initial design through implementation.

• Automate Defenses: Develop tooling and "paved paths" that allow our engineering and research teams to ship code safely without sacrificing velocity.

• Own Vulnerability Management: Oversee our bug bounty program and internal vulnerability scanning, prioritizing fixes based on actual risk to our foundation models.

• Secure AI/ML Pipelines: Build specific defenses against AI-novel risks, including protecting high-throughput inference systems and GPU-accelerated computing environments.

• Champion GitOps Security: Manage security configurations via Terraform/Pulumi, ensuring "security-as-code" is the truth across all multi-region environments.

Must Haves

• Experience: 5+ years of experience in application or infrastructure security within a high-growth environment.

• Security Polyglot: Deep expertise in securing AWS environments; experience with GCP or Azure is a major plus.

• Offensive Mindset: Ability to think like an attacker to anticipate risks, paired with a collaborative spirit to help engineers remediate them.

• Operational Mindset: Experience with modern observability and a "you build it, you run it" mentality toward security infrastructure.

• Agentic Security Tooling: Experience integrating agentic AI workflows into the developer lifecycle to provide real-time security feedback, enabling engineers to be "secure-by-design" as code is written rather than after the fact.

Nice to Haves

• AI/ML Security: Experience securing AI/ML workloads, specifically defending against prompt injection or protecting model weights.

• Kubernetes Mastery: Strong K8s (EKS/GKE) experience, specifically around multi-tenant security and resource isolation.

• Compliance Expertise: Proven track record of navigating SOC2, HIPAA, or similar regulatory frameworks in a cloud-native environment.

At Simile, we provide competitive compensation packages that include base salary, equity, and comprehensive benefits.

• Salary Range: $200,000 – $400,000 USD

  • Note: Final offers are based on experience, specialized skills, interview performance, and relevant training.

• Equity: Grants are available for eligible roles, subject to board approval.

• Health & Wellness: Comprehensive medical, dental, and vision coverage.

• Time Off: Flexible time off policies to support work-life balance.

We prioritize thoughtful conversations and clear examples of past work. Our hiring journey is designed to help both sides align on fit, working style, and expectations.

Reapplication Policy: To ensure a fair and thorough evaluation for all applicants, Simile observes a 90-day waiting period before reconsidering candidates for the same role.

Equal Opportunity: Simile is an equal opportunity workplace. We welcome applicants of all backgrounds and identities, valuing an environment where everyone can contribute authentically.

Accommodations: If you require support or reasonable accommodations during the application process due to a disability, please let us know. We are happy to assist.