Job Description
Project Brief
We're building out a Model Context Protocol (MCP) infrastructure for a mid-market US software company moving fast into agentic AI. As that system grows — more tools, more agents, more external integrations — the attack surface grows with it. This is a net-new security function: no incumbent, no security team to lean on. You'll own it.
Your primary focus is MCP security: JWT-based authentication, secrets management, prompt injection defense, and tool-use guardrails as the agentic layer expands. Your secondary focus is the broader application security backlog that the client's IT team and senior developers currently absorb ad hoc. You're not working one problem. You're working two, and you'll need to prioritize between them daily.