Application Security Engineer

ElevenLabs is an AI research and product company transforming how we interact with technology.

We launched in January 2023 with the first human-like AI voice model. Today, we serve millions of users and thousands of businesses - from fast-growing startups to large enterprises like Deutsche Telekom and Meta. Our investors are some of the world's most prominent, including Andreessen Horowitz, ICONIQ Growth and Sequoia. We've raised $781M in funding and our last valuation was $11B - multiples of 11, always.

We have expanded from voice into three main platforms:

• ElevenAgents enables businesses to deliver seamless and intelligent customer experiences, with the integrations, testing, monitoring, and reliability necessary to deploy voice and chat agents at scale.

• ElevenCreative empowers creators and marketers to generate and edit speech, music, image, and video across 70+ languages.

• ElevenAPI gives developers access to our leading AI audio foundational models.

Everything we do is the result of the creativity and commitment of our team - builders doing the best work of their lives. We are researchers, engineers, and operators. IOI medalists and ex-founders. If you want to work hard and create lasting positive impact, we want to hear from you.

• High-velocity: Rapid experimentation, lean autonomous teams, and minimal bureaucracy.

• Impact not job titles: We don’t have job titles. Instead, it’s about the impact you have. No task is above or beneath you.

• AI first: We use AI to move faster with higher-quality results. We do this across the whole company—from engineering to growth to operations.

• Excellence everywhere: Everything we do should match the quality of our AI models.

• Global team: We prioritize your talent, not your location.

We’re looking for an Application Security Engineer to join the ElevenLabs Security team. In this role, you’ll work at the intersection of security and software engineering, building systems and tooling that enable teams to ship secure software at high velocity.

You will:

• Design and build application security tooling and guardrails that integrate directly into modern development workflows, including environments that heavily leverage AI-assisted and agentic coding

• Partner with Engineering and Infrastructure teams to review application architectures, develop threat models and build in secure by default patterns throughout the software development lifecycle

• Identify, prioritise and remediate application security vulnerabilities, working directly with engineers and contributing to fixes where required, across the entire stack.

• Ship new security features which directly improve the security posture of our products in production

• Design and implement supply chain security controls across build and deployment pipelines, including artefact signing, provenance, dynamic admission controls and SBOM generation

• Strong software engineering background, with experience building and shipping production systems

• Proven track record of building and scaling security programs or developer security tooling from scratch

• Fluency in Python and TypeScript with the ability to read, write and maintain production quality code

• Hands on experience in cloud-native environments (AWS or GCP), Kubernetes, and infrastructure-as-code (Terraform)

• Solid understanding of application security, including discovery, exploitation and remediation. You should understand how to prioritise fixes without relying on CVE scores alone

• Experience driving real security improvements through technical design, implementation and secure defaults, rather than through policy or manual review alone

Bonus:

• Experience securing AI or Machine Learning systems, including training pipelines

• Background in developer experience or platform engineering, especially building developer tooling

• Contributions to open source security projects, published research or talks at security conferences

• Experience working in regulated environments (SOC 2, ISO27001, PCI, HIPAA or similar)

This role is remote and can be executed globally. However, to facilitate working with the Security Team, we prefer candidates based in GMT to GMT+3 or UK. If you prefer, you can work from our offices in Dublin, London or Warsaw