Security Engineer
About OpenRouter
OpenRouter is the open AI routing and infrastructure layer that enterprises use to access, manage, and optimize the best large language models across providersâwithout lock-in, capacity constraints, or unnecessary cost. We power some of the most advanced AI teams in the world by giving them the flexibility to move fast, scale confidently, and stay future-proof as models evolve. As enterprise adoption of AI accelerates, OpenRouter sits at the center of how organizations operationalize LLMs across research, product, and production workloads.
About the Role
We're hiring our first Security Engineer to own the process of safeguarding our systems, infrastructure, applications, and data. As the first security hire, you will build out our security operations and vulnerability management process for our AI gateway platform. You'll implement programs, run tooling, ship security fixes, and drive remediation across our stack. Youâll be responsible for all aspects of ensuring the security of our platform and users. This isn't a compliance paperwork role; it's a hands-on security position with direct impact on how we protect millions of API requests daily. You'll work closely with engineering and senior leadership to ship security improvements that actually matter.
What You'll Do
Deploy and operate vulnerability scanning across our cloud infrastructure. Triage findings and drive remediation with engineering teams.
Lead security assessments for internal and customer security needs (e.g. SOC 2 Type II, ISO 27001, HIPAA audits).
Maintain vulnerability and remediation documentation for auditors.
Act as a liaison between product, engineering, compliance, and GTM to guide and prioritize the right security investments.
Perform penetration tests, tabletop exercises, DR testing, and incident response.
Manage endpoint security tooling as we scale; conduct audit log reviews and maintain visibility across our stack.
About You
3-5+ years in security engineering or operations.
Deep knowledge of cloud security and expertise in operating in a cloud-hosted environment.
Comfortable in compliance-heavy environments (SOC 2, ISO 27001, HIPAA).
Strong experience with SIEM platforms (Splunk, Elastic, Panther) and vulnerability scanners (e.g. Qualys, Tenable, Rapid7).
AI-forward with hands-on experience adopting, leveraging, and integrating AI tools.
Startup mindset; you thrive building programs from the ground up and not just inheriting existing playbooks.
Pragmatic and business-oriented, able to balance security rigor and business speed.
Ability to communicate risk and technical ideas clearly to both technical and non-technical audiences.
Bonus Points
Experience with AI/ML infrastructure or inference platforms.
Automation and scripting with Python.
Healthcare data handling or BAA compliance experience.