Security Engineer

Who We Are

Cognition is an applied AI lab building end-to-end software agents. We are behind Devin, the first AI software engineer, and Windsurf, an AI-native IDE. Our vision is AI that works alongside engineers as a genuine teammate, not a tool.

We are a small, talent-dense team of competitive programmers, former founders, and researchers from Scale AI, Palantir, Cursor, Google DeepMind, and others.

Role Mission

Security Engineers at Cognition own one of the most interesting security surfaces in the industry. Devin executes arbitrary code on behalf of users across millions of sandboxed sessions. Windsurf operates inside developer environments at scale. Both products handle highly sensitive customer code, credentials, and infrastructure access. You will help define what security looks like for AI-native developer tools and build the controls, systems, and culture that let Cognition ship fast without compromising on safety. This is a role for engineers who want to do hands-on, high-leverage security work at the edge of what is being figured out for the first time.

What You'll Accomplish

- Secure the agent execution surface: Design and harden the sandboxing, isolation, and runtime controls that let Devin safely execute untrusted code and use tools across long-horizon tasks.

- Own product and infrastructure security: Lead threat modeling, secure design reviews, and vulnerability management across Devin, Windsurf, and the underlying infrastructure they run on.

- Build security tooling that engineers actually use: Create internal systems for secrets management, identity and access, dependency security, and detection that integrate naturally into how the team ships.

- Lead incident response and detection: Build the detection pipeline, run incident response, and turn every event into systemic improvements.

- Drive customer trust: Partner with go-to-market and legal teams to support compliance and customer trust initiatives. Build the controls that custome...