About the RoleVapi is deployed for multiple large enterprises, including several Fortune 500s, across regions around the world (including the EU and Australia). We're hiring a DevSecOps Lead to build and harden the security posture of our product and underlying infrastructure as we scale upmarket - so we stay compliant, secure, and ahead of what regulated enterprise customers expect.
This is a hands-on senior IC / lead role reporting to Tejas Siripurapu in Core Engineering. You'll partner closely with InfoSec, Engineering, and GTM, and your work will directly determine how confidently the largest companies in the world can run on Vapi.
What You'll Do- Make Vapi's security posture world-class for the enterprise - shift security left, catch regressions during code review and CI, and harden our multi-tenant infrastructure as we onboard the Fortune 500.
- Build automation as a security primitive - including agentic systems that run penetration tests against staging ahead of every release, and that auto-remediate issues as they surface.
- Own the compliance roadmap end-to-end alongside InfoSec, including Drata and the automations that keep us audit-ready as we expand into new regions and regulated industries.
- Partner deeply with Engineering, InfoSec, and GRC - building guardrails developers actually use, not ad-hoc controls bolted on after the fact.
- Be the authority Sales and GTM lean on - giving prospects and enterprise customers the confidence that Vapi's security posture matches the trust they're placing in us.
Who You AreMust-Haves- 5-10 years of engineering experience, with significant time in modern cloud-native SaaS - AWS, Kubernetes, Postgres, and ideally VoIP.
- Strong understanding of security in a multi-tenant cloud environment serving regulated enterprise customers with many third-party integrations.
- High proficiency writing and reviewing code - you can ship the fix, not just file the ticket.
- Invested in shift-left security: catching regressions during code and test, not after production incidents.
- Collaborative by default - you build guardrails with security, engineering, and GRC partners rather than operating as a lone wolf.
- Hands-on by preference; comfortable as a senior IC or lead, not looking to step into pure management.
Nice-to-Haves- Direct experience securing CI/CD pipelines.
- Background as a backend software engineer.
- Experience with compliance frameworks (SOC 2, ISO 27001, HIPAA) and tools like Drata.
- Familiarity with VoIP / telephony security and the failure modes of real-time systems.
How We Work- Build something worthy of love: We aim to build products and experiences customers genuinely love, not just tolerate.
- Commit and follow through: We finish what we start and build trust by being people others can count on.
- Why not today?: We value urgency and momentum. The fastest path to customer value usually wins.
- Seek raw input: We go directly to customers, data, and teammates instead of relying on summaries or assumptions.
- It's our problem: We operate as one team. We share credit, own mistakes together, and support each other when things get hard.
- Be direct and kind: We give feedback clearly, respectfully, and without delay.
Why Vapi- Define the future of human-AI interaction: Help pioneer a new era of voice-based AI products that are transforming how people and businesses communicate.
- Own meaningful work at a breakout startup: Join early, take real ownership, and have a direct hand in building a category-defining company from the ground up.
- Surround yourself with exceptional people: Work alongside a world-class team of engineers, operators, and builders backed by top-tier investors who believe in our mission.
- Accelerate your career in a high-growth environment: Grow fast, take on big challenges, and unlock opportunities as we scale one of the most exciting platforms in AI.
What We Offer- Competitive compensation: includes a strong base salary and meaningful equity ownership.
- Comprehensive health coverage: medical, dental, and vision plans.
- Flexible time off: take-what-you-need vacation policy with an emphasis on rest and balance.
- Daily meals: catered lunches and dinners provided for in-office days.
- Lifestyle & wellness stipends: monthly allowances to support rent, transportation, food, fitness, and mental well-being.
- Professional development: annual learning stipends for courses, conferences, and upskilling.
- Team connection: regular offsites, team events, and opportunities to build in-person relationships.
