About SafeLease
At SafeLease, we're rethinking how P&C insurance is sold in an age of technological change. We believe the industry's biggest inefficiencies aren't technical problems — they're structural ones. And we're building the team to tackle them.
SafeLease is a profitable insurance business that designs, underwrites, and distributes specialty coverage for commercial property owners and their tenants. Most insurance companies either distribute products or bear the risk — we do both. We back our policies with our own capital, which means we control the full stack: product design, tech, and the speed at which we move. That end-to-end ownership lets us offer customers real flexibility, saving time and money for more than 4,000 properties insured for billions in value nationwide.
We're a team of 70, growing over 100% annually, and we've done it without sacrificing profitability or culture. Here, you'll get high discretion and a wide aperture of problems to solve. We embrace the newest technologies, move fast together, and operate with the intensity of a small company where every person's work is visible. If you're looking for a place to sharpen your craft alongside people who take their work seriously, you'll fit right in.
Why this role?
SafeLease is leaning hard into AI. PMs, designers, and operators are shipping production code through Claude Code. Internal agents query our data warehouse, draft customer responses, and scan call recordings. Citizen developers are merging PRs in repos they don't own. Our token spend per employee is climbing on purpose.
That posture is a competitive advantage. It is also a security surface that did not exist a year ago.
We need someone whose job is to make this safe to do. Not to slow it down, but to design the guardrails that let us keep accelerating. That means thinking about prompt injection the way you used to think about SQL injection, defining what citizen devs can and can't touch, and deciding how secrets reach AI agents. It also means the unglamorous work: SSO hygiene, endpoint posture, vendor reviews, and keeping SOC 2 evidence collected when half the contributors aren't engineers.
If you want to run a traditional SOC or write policies nobody reads, this isn't the right fit. If you want to be the person who says "yes, and here's how we do it without getting burned," keep reading.
About the Role
To drive our mission forward, this role will:
Own security as the company adopts AI. Set the standards for how we use LLMs, MCP servers, and agentic tooling without leaking data, over-permissioning agents, or shipping prompt-injectable surfaces. Stay current on a threat landscape that's changing monthly.
Run our infosec program. Identity, access, secrets management, endpoint posture, vendor review, and SOC 2 (we're certified — keep us that way and make audits a non-event). Compliance should be a byproduct of how we work, not a separate workstream.
Build guardrails for citizen development. As non-engineers start shipping PRs, define what they can touch, what needs review, how secrets are scoped, and how to make sure a designer in Codespaces can't accidentally exfiltrate a customer database. Partner with engineering to encode those rules into tooling, not docs.
Handle the IT work that matters. SSO, MDM, laptop provisioning, the office network. We're 70 people, so pragmatism wins — you'll do some of this directly and decide what's worth automating or outsourcing.
Be the trusted partner, not the gate. Engineering, product, and ops should bring you in early because you make their work better, not because legal said they had to.
About You
You think about security as a system design problem, not a checklist. You're comfortable being the only security person in the room and translating between the SOC 2 auditor, the engineer who wants to ship, and the operator who just wants Salesforce to work. You're energized by a company that's actually adopting AI rather than talking about it, and you have opinions about how to do that responsibly.
Your experience:
3+ years in security engineering, application security, or a hybrid security/infrastructure role. We care more about AI-era pattern recognition than years on a résumé.
Hands-on with cloud security (AWS preferred), identity (Cognito, Okta, or similar), and modern app security (OWASP, secret management, etc.).
Working knowledge of how LLM-based systems fail — prompt injection, data exfiltration via tool use, over-permissioned agents, MCP server risk surface. Lived experience preferred over certifications.
Comfortable shipping code (Node, Python or similar). You build tooling, not just policies. Active use of AI-powered dev tools (Claude Code, Cursor, Copilot) in your day-to-day.
Familiarity with SOC 2 compliance from the inside: running the program and collecting the evidence, not just answering an auditor's questions.
Bonus: experience with regulated industries (insurance, finance, healthcare) or hands-on IT/MDM work.
Strong communication skills and a collaborative mindset. You ask good questions, give direct feedback, and make the people around you better.
Excited to work in-person or hybrid from our downtown Austin office.
Why SafeLease?
The tech: Our prospects convert fast because we’re solving real problems and delivering serious value to commercial real estate owners.
The team: We’re a team of seasoned pros and sharp operators who know how to move fast and build smart. High standards, low ego.
The stability: We’re well-funded, growing fast, and we make sure our team shares in that success with competitive pay and equity.
The employee experience: We also offer unlimited PTO, full health benefits, flexible work setups, and the kind of culture where people want to show up to do their best work.
If you don't have all the qualifications listed, don't worry! We understand everyone's career path is unique and still encourage you to apply if you feel this role is aligned with your career trajectory.
Employment at SafeLease is contingent upon a satisfactory verification of a general and criminal background check.
