Founding Security Engineer / Head of Security
The problem we saw
Most AI infrastructure is built for batch: send a query, wait, get a response, reset. Powerful, but transactional. AI is becoming interactive, sessions that hold state, models that stay alive between turns, generation that responds as it runs, and the infrastructure to deliver that at scale doesn't really exist yet.
The bottleneck isn't the models anymore. It's the infrastructure underneath them.
What we're building to fix it
uRun is the inference cloud for interactive AI: the compute layer that makes real-time, stateful inference possible at scale. We came out of stealth in April 2026, are backed by top-tier investors, and are founded by Keegan McCallum, former Head of ML Infrastructure at Luma AI.
We're an infrastructure company. We build the layer that model labs, builders, and research teams ship on top of.
Where you come in
You'll be uRun's first dedicated security hire. This is a founding role: you'll own security end-to-end as a hands-on engineer, and as the company and team grow, you'll have the opportunity to build out and lead the function.
The problem you're here to solve: build a security foundation worthy of the infrastructure we run. That means hardening a distributed AWS and Kubernetes stack running stateful inference at scale, standing up the compliance program that unlocks enterprise deals, and embedding security into engineering without becoming a blocker.
You'll join as we move from stealth to scale, begin enterprise partnerships, and approach our Series A — the point where this work has the most leverage.
What you'll actually be doing day-to-day
Compliance and risk
Own SOC 2 Type II end-to-end: scoping, control design, evidence collection, and audit
Drive ISO 27001 and additional frameworks as we scale into enterprise partnerships
Stand up and manage compliance automation tooling (Vanta, Drata, or equivalent)
Respond to vendor security questionnaires and represent uRun's security posture on customer calls
Build and maintain security policies, procedures, and documentation
Infrastructure and cloud security
Harden our AWS environment: IAM, KMS, secrets management, GuardDuty, CloudTrail, VPC
Secure our Kubernetes and EKS stack: container security, RBAC, network policies, runtime controls
Embed security into CI/CD pipelines: SAST, dependency scanning, secrets scanning
Build detection and response capabilities: alerting, playbooks, and incident response processes
Drive vulnerability management end-to-end, from detection through remediation and reporting
Partnerships and stakeholders
Work directly with engineering to resolve security blockers and unblock partnership deals
Manage external auditor relationships and coordinate security reviews
Report on security posture and risk to leadership
What skills you need for the journey
6+ years in security engineering, including time as a founding or sole security hire, or otherwise owning security with minimal support
Proven track record delivering SOC 2 end-to-end as program owner — not just as a contributor
Deep AWS experience: IAM, KMS, GuardDuty, CloudTrail, EKS, and Kubernetes security
Hands-on with compliance automation tooling: Vanta, Drata, or equivalent
Comfortable embedding security into CI/CD: SAST, DAST, secrets scanning, dependency management
Strong incident response background: you've handled real incidents and built playbooks from scratch
A clear communicator who can represent security to technical and non-technical stakeholders, including customers
Able to work PST hours and thrive in a fast-moving, ambiguous environment
Things that will give you an edge
Familiarity with AI security frameworks: OWASP LLM Top 10, MITRE ATLAS
Certifications: AWS Security Specialty, CISSP, CISM, or equivalent
Experience securing GPU or ML-inference infrastructure specifically
What you'll get in return
Competitive salary and meaningful equity in an early-stage AI infrastructure company. The band above is our target; for an exceptional candidate we'll go higher. Equity is real — you're early, and the grant reflects that.
Health, dental, and vision — full coverage
401(k) — company-supported retirement savings
FSA/HSA — flexible spending accounts for healthcare costs
Paid time off — we trust you to manage your time
Top-tier tooling — access to the best AI tools available: Claude, Codex, Kimi, and whatever else helps you move faster
MacBook Pro and AirPods — the hardware you need, on us
How we work (and what that feels like day-to-day)
We build the stage, not the show. We're an infrastructure company, a developer-tools company, and a production partner for model labs, and focus is a deliberate choice we've made and hold to.
Day-to-day, that means a small team, a high bar, and real ownership. You won't wait for permission or inherit a backlog of someone else's decisions, in a founding security role, the function is what you make it.
It also means ambiguity: priorities shift, not everything is documented, and you'll often be the person who decides what "secure enough, for now" means. That suits some people and not others, and we'd rather you know that before you apply.
Watch our launch party video
Read the manifesto
Follow us on LinkedIn
Follow us on X