Software Engine

StepSecurity
StepSecurity

India

Posted on Jun 21, 2026
Apply now

About StepSecurity

StepSecurity prevents, detects, and responds to software supply chain attacks by analyzing behavior across the full software development lifecycle for both developers and AI coding agents. We are building a vertical AI agent for supply chain security across three pillars: securing AI agents on developer machines, OSS package security, and CI/CD security, covering the entire agentic pipeline from dev environment to cloud.

Founded by Varun Sharma (ex-Microsoft, 21 years, led supply chain security for Azure) and Ashish Kurmi (ex-Uber, Microsoft, Plaid, 17 years), we are a 16-person team working on hard problems at the intersection of security, AI, and open source.

Why this role is exciting

  • We are at the forefront of supply chain security research and product development. We were the first to detect several major supply chain attacks in 2025 and 2026, including the axios npm compromise and tj-actions. (https://www.stepsecurity.io/newsroom)
  • Our research is regularly cited by Bloomberg, TechCrunch, Hacker News, and Dark Reading. The US Cybersecurity and Infrastructure Security Agency (CISA) has published advisories citing StepSecurity. (https://www.cisa.gov/news-events/alerts/2025/09/23/widespread-supply-chain-compromise-impacting-npm-ecosystem)
  • Beyond our enterprise customers, StepSecurity has been adopted by more than 15,000 open-source projects, including projects from Microsoft, Google, Amazon, and Datadog.
  • You will work on high-impact, zero-to-one problems with meaningful early-stage equity upside.

What you'll do

  • Design and build backend services in Golang that power our supply chain security platform.
  • Build scalable, fault-tolerant systems that operate across the full software development lifecycle.
  • Work hands-on in a fast-moving, early-stage environment where you own problems end to end.

What we're looking for

  • 2–5 years of experience with strong engineering fundamentals.
  • Golang backend programming experience.
  • Background working with AWS, Azure, or GCP.
  • Experience designing scalable and fault-tolerant systems.
  • Prior early-stage startup experience.
  • An AI-native mindset and comfort in a hands-on, zero-to-one environment.
  • A security background is a plus but not required.
Apply now
See more open positions at StepSecurity