
Maze · Remote (Europe)
Summary of the Role: As Security Engineer (Internal) at Maze, you'll own how we secure ourselves — our cloud, our applications, and the way our engineers build...
As Security Engineer (Internal) at Maze, you'll own how we secure ourselves — our cloud, our applications, and the way our
engineers build. This is a unique opportunity to join a well-funded Series A startup building at the intersection of generative AI
and cybersecurity, establishing the internal security foundation that lets a three-product company keep moving fast as it scales.
You'll take hands-on ownership of cloud infrastructure security, application security, security tooling, and the compliance work
that unlocks enterprise deals. We're deliberately looking for a strong generalist rather than a narrow specialist: someone who can
harden our AWS environment and identity model, get into the weeds on application security, and run a pragmatic compliance program
— and who knows when a control is worth the friction and when it isn't. Your success will be measured by the robustness of our
security posture, our readiness for enterprise customer requirements, and your ability to make secure the default path for
engineering rather than a blocker.
This role is perfect for a pragmatic, broad security engineer who has built and run security at a startup, thrives with autonomy,
and wants to own a domain end-to-end. You'll be our founding internal security hire — but not a lone wolf for long: this is the
first role in a function we expect to grow, and as we scale we'll add to the team and bring in dedicated security leadership.
You'll set the foundations the rest of that team is built on, and have a clear runway to grow alongside it.
infrastructure-as-code controls (Terraform) — closing real risk rather than chasing checkboxes
guidance to triaging and driving down vulnerabilities across our own products and services
infrastructure and applications, and serve as our first line of defence
and evidence that support enterprise sales without drowning the team in process
letting the team move quickly — no security theatre
keeping quality high
to, and recovering from security incidents
application security rather than depth in only one — comfortable being the person who covers the whole surface area
judgement to prioritise what matters
development practices into engineering workflows
secure, scalable infrastructure through code
security into development workflows
without letting process become the product
enable engineering rather than block it
without extensive oversight — and to thrive in the ambiguity of an early-stage company
processes, and standards a future team and security leadership inherit cleanly
secure the company doing it, across cloud and application security.
practices that scale Maze through hypergrowth — then help grow the team and function around you as we scale.
been part of multiple acquisitions and an IPO — giving you strong technical partnership while you own security.
organisations worldwide — making security an enabler of innovation, not a blocker.
clear path to grow as our security organisation matures.
SUMMARY OF THE ROLE: As ML Engineer at Maze, you'll be the technical leader driving our machine learning infrastructure from experimentation to production, ensuring our AI-powered cybersecurity solutions deliver measurable impact for customers worldwide. This is a unique opportunity to join as one of the early engineering team members of a well-funded startup building breakthrough applications of LLMs and AI agents in cybersecurity. You'll take full ownership of evaluation frameworks, production ML pipelines, and cross-team ML integration, working closely with our CTO and product teams to transform cutting-edge AI research into robust, scalable solutions that solve real security challenges. Your success will be measured by agent performance improvements and product innovation impact, not just technical metrics. This role is perfect for a hands-on ML engineer who has scaled production ML systems across multiple companies, thinks like a product builder, and wants to drive the actual productionization of LLMs and ML to solve significant pain points. YOUR CONTRIBUTIONS TO OUR JOURNEY: * Build Production-Grade Evaluation Systems: Design and implement comprehensive evaluation frameworks that measure agent performance, track improvements over time, and ensure our AI systems deliver consistent value to customers * Drive Experimentation-to-Production Pipeline: Own the entire ML lifecycle from prototype to production, building scalable systems that enable rapid iteration while maintaining reliability and performance in customer environments * Enable Cross-Team ML Integration: Work closely with product teams to seamlessly integrate ML capabilities into customer-facing features, ensuring technical excellence translates into user value and product differentiation * Optimize AI Agent Performance: Continuously improve our AI agents through systematic experimentation, prompt engineering, and architectural enhancements, measuring success through customer impact and system performance * Scale ML Infrastructure: Build the foundational ML systems, monitoring, and tooling that will support our growth from startup to scale, ensuring we can deploy new capabilities quickly without compromising quality * Partner with Engineering Leadership: Collaborate directly with our CTO through regular check-ins and strategic alignment while operating with high autonomy and self-direction in day-to-day execution * Mentor Through Excellence: Provide natural mentorship to junior ML engineers through code reviews, technical guidance, and sharing practical experience from building production ML systems WHAT YOU NEED TO BE SUCCESSFUL: * Proven Production ML Experience: 6+ years building and scaling machine learning systems in production environments, with hands-on experience moving from experimentation to customer-facing deployments * Deep Neural Networks Foundation: Strong background in classical neural networks and deep learning fundamentals before specializing in modern LLMs and transformer architectures - you understand the foundations, not just the latest tools * Product-Focused ML Mindset: Experience building ML systems that solve real business problems, with a track record of integrating classification, prediction, or recommendation systems into actual products customers use * Multi-Company Perspective: Experience across multiple organizations (scale-ups, startups, or combination), giving you practical knowledge of what tools to build vs buy and how to avoid over-engineering * Technical Versatility: Strong Python skills with flexibility across ML frameworks and tools - comfortable adapting to our stack including LangChain, evaluation frameworks, and workflow orchestration tools like Temporal * Self-Directed Leadership: Ability to operate autonomously while maintaining close alignment with leadership, comfortable with frequent check-ins but capable of driving projects independently * Cross-Functional Collaboration: Experience working closely with product teams and potentially customers, translating technical capabilities into business value and user experiences * Nice to Haves: * Experience with AI agents, LLMs, or modern generative AI applications * Cybersecurity domain knowledge or experience applying ML to security challenges * Background at ML-first companies or organizations where ML was core to the product * Experience with modern MLOps practices and cloud-based ML infrastructure * Track record of optimizing model performance and controlling AI system costs WHY JOIN US: * Real-World AI Impact: Drive the actual productionization of LLMs and machine learning to solve significant cybersecurity pain points - your work will directly protect organizations from real threats, not just optimize internal metrics * Technical Leadership Opportunity: Work directly with our CTO on cutting-edge ML infrastructure while having the autonomy to shape technical decisions and build systems that scale with our hypergrowth * Expert Team Partnership: Join a team of hands-on leaders with experience in Big Tech and Scale-ups, including leadership team members who have been part of multiple acquisitions and an IPO * Build the AI-Native Future: Shape how generative AI transforms cybersecurity from the ground up, establishing ML practices and technical standards that will define the industry * Multiple Growth Pathways: Clear opportunities to grow into Head of ML Engineering, become a domain technical lead, move into customer-facing technical roles, or excel as a senior individual contributor - the choice is yours based on your interests and our needs * Breakthrough Technology: Work at the intersection of generative AI and cybersecurity, building solutions that leverage the latest advances in LLMs and AI agents to solve some of the most pressing challenges security teams face today
SUMMARY OF THE ROLE: Maze is building an AI-native vulnerability management platform. Our autonomous agents investigate, triage, and remediate security findings the way a senior analyst would, only faster and at scale. As Head of AI, you'll own the intelligence that makes those agents work: the AI research and implementation strategy for the whole company, plus the crown-jewel technical problem underneath it. Our investigation agents run multi-step, non-deterministic trajectories across a toolset of 180+ tools, tested against a ground-truth exploit lab we built for exactly this purpose. Knowing whether they're getting better, and making them better, is the most important technical problem at Maze. It's the heart of this role. This is a hands-on leadership role, not a management layer. You'll set AI direction as a member of the engineering leadership team reporting to the CTO. But you'll spend most of your time building: designing evaluation frameworks for non-deterministic agents, running fine-tuning and model-routing experiments against real data, prototyping new techniques and getting them into the product. You'll lead a small, strong AI team (3–4 engineers today) by setting the technical bar and doing the work alongside them, while working closely with our ML tech lead and the product teams building agents day to day. Your impact comes from what you ship, not the size of your org. We're not looking for someone to run a large team from two layers up. We're looking for someone who wants to define how generative AI transforms cybersecurity and keep their hands on the code. This role suits a deep LLM-era practitioner who has shipped agentic systems to production, can reason about transformer internals and fine-tuning from first principles, and moves fast. We're a three-product company with a lot of surface area, a well-funded Series A (Theory Ventures) behind us, and a Series B on the horizon. The AI foundation you set now becomes the moat we compete on for years — this is a foundational hire whose standards will shape Maze's AI trajectory well past this raise. YOUR CONTRIBUTIONS TO OUR JOURNEY: * Own AI strategy and research direction: Set the technical roadmap for our AI capabilities. Stay ahead of the research curve to find, validate, and prioritise the techniques that differentiate Maze, and turn what's real into a concrete, sequenced roadmap while discarding the hype. * Own agent quality and evaluation: Build and run the frameworks that tell us whether our investigation agents are improving. That means trajectory evaluation, ground-truth scoring against the exploit lab, and end-to-end benchmarks for non-deterministic, multi-step behaviour. This is the core problem of the role. * Build the breakthroughs yourself: Prototype a new technique in days, get it into the product, and measure the impact. You'll spend most of your time hands-on in the codebase, acting as the technical product manager who guides it to production. * Run fine-tuning and model experiments on real data: Own fine-tuning pipelines, context engineering, model migration, and cost/routing optimisation grounded in production data, not proofs of concept. * Guide prioritisation across the AI team: New techniques, papers, and ideas surface constantly. You'll be the filter deciding which of them are actually worth a prototype this week, and which are noise - keeping the team focused on what moves the needle. * Lead a small team by doing: Set technical direction for the AI engineers, raise the bar through pairing and review, hire as we scale, and stay close enough to the work to make the hard architectural calls yourself. * Partner with the CTO and engineering leadership: Turn the AI roadmap into shipped capability, and make sure evaluation is wired into how the whole team builds. * Get in front of customers: Occasional direct customer exposure, translating what security teams need into concrete improvements to the ML pipeline. * Set the pace: Ship prototypes in days, not quarters. Bring urgency to a domain where most of the field still moves slowly. WHAT YOU NEED TO BE SUCCESSFUL: * Hands-on technical leadership: A track record of leading AI work while personally building it. Strategy and implementation. You lead from the front. If you've moved permanently into management and stopped shipping, this isn't the right fit. * Shipped LLM/agentic systems to production: You've built and run generative-AI systems that real customers use, not research prototypes or slideware. You can point to agents or LLM features you put into production and improved over time. * Deep LLM-era technical depth: You can explain transformer architecture, training, fine-tuning (e.g. LoRA), and inference from first principles. We test this directly. A strong pre-LLM ML pedigree (RL, NLP, recommendations, ASR) is valuable but won't substitute for modern generative-AI depth. * Built evaluation frameworks for non-deterministic systems: You've designed and run evals for multi-step, non-deterministic agents: trajectory evaluation, LLM-as-judge, fine-tuning result measurement. This capability is rare and it's the one we most want. It will set you apart. * Top-tier pedigree with a builder's edge: Experience at a leading AI organisation or strong AI-native startup where you raised the technical bar rather than coasted on the brand. * Unambiguous startup signal: You've operated at early stage or built something from zero. You move fast, own outcomes end-to-end, and don't need a large org around you to ship. Founder experience is a strong plus. * Pace and urgency: You ship prototypes in days. You make pragmatic calls on models, cost, and scope to keep momentum, and you're impatient with quarters-long cycles. * Sharp, concise communication: You communicate clearly and tightly in a remote-first, English-speaking team, in writing and live. You get to the point. * Nice to Haves: * Security, vulnerability-management, or adversarial-domain background. Strongly preferred. Every candidate we've rated highly has had it. Offensive security, vuln management, threat detection, or applying AI to security problems all count. * Comfort in front of customers, able to translate agent behaviour and capability into terms a security team understands. * Model cost/routing pragmatism: real experience cutting inference cost and migrating between models in production. * Track record at a successful AI-first startup, scaling a system from experimentation to production impact. * PhD or published work in ML/AI at top-tier venues, paired with real production experience. YOUR FIRST 90 DAYS * Days 1–30: Get fully up to speed on every agent we've built and how our ML evaluation pipeline works today. Start drafting a short, mid, and long-term technical plan. * Days 31–60: Ship something fundamentally new — for example, fine-tune a small model and get it into production. * Days 61–90: Move onto bigger bets — RLHF for specific use cases, scalability of the evaluation approach, and deeper customer-facing model tuning. THIS ROLE IS NOT FOR: * Manager-of-managers or 2nd/3rd-line leaders who direct rather than build. * Fractional, advisory, or part-time profiles. * Research-only backgrounds without production shipping experience. WHY JOIN US: * The hardest problem in the field, unsolved. Evaluating non-deterministic, multi-step agents against ground truth is an open problem, and we've built the exploit lab and 180+ tool agent infrastructure to attack it. You'd own it, at the intersection of generative AI (LLMs and agents) and cybersecurity. * A team you'll want to be measured against. Founders and engineers from Amazon, Elastic, and Tessian. Hands-on leaders who've been part of multiple acquisitions and an IPO. Most people who join do so because of how strong the team already is. * Build the AI-native company from the ground up. A well-funded Series A (Theory Ventures) with a Series B on the horizon, early enough that you'll set the technical standards for how AI investigates security at scale. * Cybersecurity as a force for good. The work directly helps organisations stop attacks. Measurable impact, real customers, immediate feedback on what you ship. * Founding-level ownership and upside. Significant equity, a seat on engineering leadership, and a path to VP of AI as the team scales around what you build.
SUMMARY OF THE ROLE: As a Security Research Engineer at Maze, you'll be at the forefront of defining what constitutes real security risk in the age of AI-powered vulnerability detection. This is a unique opportunity to join our growing security research team at a well-funded startup building at the intersection of generative AI and cybersecurity, where your security expertise directly shapes how our AI models understand and prioritize cloud security threats. You'll spend the majority of your time as the expert human-in-the-loop, analyzing cloud vulnerability findings from our AI systems, conducting deep research to validate and contextualize threats, and creating the authoritative labels that train our models to distinguish critical risks from noise. Working alongside other security researchers, you'll help scale our labeling operations while providing critical input into product development decisions based on real-world threat patterns you discover. This role is perfect for a security researcher who wants to pioneer the future of AI-assisted threat detection, loves diving deep into cloud security vulnerabilities, and wants to see their security insights amplified through cutting-edge technology while contributing to a growing team. YOUR CONTRIBUTIONS TO OUR JOURNEY: * Scale Expert Data Labeling Operations: Lead high-volume vulnerability labeling and validation work as the authoritative voice on threat severity, reviewing and categorizing cloud security findings from our AI models to create the high-quality training data that powers our platform * Drive Product Development Through Research Insights: Translate patterns and insights from your labeling and research work into actionable product improvements, working directly with engineering and product teams to enhance detection capabilities and user experience * Collaborate with Security Research Team: Work closely with fellow Security Research Engineers to maintain consistency in labeling standards, share research findings, and collectively improve our vulnerability assessment methodologies * Deep Vulnerability Research: Conduct comprehensive research into cloud vulnerabilities affecting EC2 images, Docker containers, and cloud infrastructure, investigating true/false positives, analyzing business impact, and building proof-of-concepts to validate threat scenarios * Enhance AI Model Accuracy: Provide expert feedback through our labeling tools that improves our AI models' understanding of vulnerability context, helping them learn to prioritize threats like a seasoned security researcher * Technical Investigation and Analysis: Create detailed technical writeups about exploitation techniques, attack vectors, and remediation strategies for cloud vulnerabilities, turning complex security research into actionable intelligence * Leverage External Security Intelligence: Integrate insights from CVE databases, security advisory feeds, and threat intelligence sources to enrich vulnerability findings with broader context and emerging threat patterns * Contribute to Thought Leadership: Support our external presence through technical blog posts, security videos/podcasts, and occasional conference presentations, sharing insights from your research WHAT YOU NEED TO BE SUCCESSFUL: * Security Research Expertise: 5+ years of hands-on security experience with proven vulnerability research background, comfortable investigating complex security issues and building proof-of-concepts to validate findings * Cloud Security Mastery: Deep knowledge of AWS security, cloud infrastructure vulnerabilities, container security, and cloud-native attack vectors, with hands-on experience securing cloud environments at scale * Technical Investigation Skills: Strong coding and scripting abilities (Python, Go, or similar) for automating research tasks, building validation tools, and creating proof-of-concept exploits * Analytical Excellence: Proven ability to analyze complex security data, distinguish between critical threats and false positives, and communicate technical findings to both technical and business audiences * Product Mindset: Experience translating security insights into product requirements, with ability to identify patterns across vulnerabilities that inform strategic product decisions * External Intelligence Integration: Experience working with vulnerability databases, security advisory feeds, and threat intelligence sources to contextualize and prioritize security findings * Collaborative Mindset: Strong communication skills and ability to work effectively with security research peers, AI/ML teams, and product stakeholders, translating security domain knowledge into actionable improvements * High-Volume Execution: Comfort with systematic labeling work while maintaining accuracy and attention to detail, balancing speed with quality in fast-paced environments * Nice to haves: * Experience with AI/ML security or working with AI-generated security findings * Background at security tooling companies or building security products * Expertise in specific vulnerability research methodologies and frameworks * Open source contributions to security tools or research projects * Previous content creation experience in security (blogs, talks, research papers) * Industry certifications (CISSP, OSCP, AWS Security, etc.) WHY JOIN US: * Ambitious Challenge: We're using generative AI (LLMs and agents) to solve some of the most pressing challenges in cloud security today. You'll be defining how AI understands and prioritizes vulnerabilities, working at the cutting edge of AI-powered threat detection. * Expert Team: We are a team of hands-on leaders with experience in Big Tech and Scale-ups. Our team has been part of the leadership teams behind multiple acquisitions and an IPO. * Growing Security Research Function: Join a collaborative security research team where you'll work alongside other experts, share insights, and collectively shape how our AI platform understands security threats at scale. * Impactful Work: Your security research and labeling work will directly improve how thousands of organizations understand and respond to cloud security threats, scaling expert security knowledge through AI to protect the entire ecosystem. * Product Influence: Your day-to-day research insights will directly influence product strategy and development, giving you a voice in building the next generation of AI-powered security tools. * Pioneer AI-Native Security: Help establish the gold standard for AI-assisted vulnerability research, defining how human security expertise enhances machine learning models in the cybersecurity domain.