Lead AI Security Engineer, MCP Security

November 7


Trimble Inc.

Construction • Transportation • Geospatial

Trimble Inc. is a technology company that provides advanced solutions across various sectors including construction, transportation, geospatial, and natural resources. They empower industries to improve efficiency and profitability by leveraging real-time data insights, innovative software, and precise hardware. Trimble's solutions are used by millions of professionals globally, helping them to collaborate effectively and manage complex workflows, ultimately transforming how work gets done in diverse environments.

10,000+ employees

💰 Post-IPO Debt on 2022-12

📋 Description

• Lead the design and implementation of a defense-in-depth security framework for Model Context Protocol (MCP) servers and related agent ecosystems.
• Own enforceable scopes, egress control, and observability patterns that protect internal and customer data while preserving developer velocity.
• Operate as a Lead/Specialist: working independently, leading others to solve complex problems, and applying specialized expertise to influence product, platform, and policy decisions.
• This is a hands-on role: design, code, test, and ship production-grade security components and reference implementations.
• Architect, implement, and maintain a secure ingress pattern for remote MCP servers behind an authenticated gateway.
• Define and implement scope-based authorization aligned to OAuth2/OIDC.
• Build or adapt to egress controls and telemetry for remote and local/stdio MCP servers.
• Ship and maintain production-ready reference implementations and hardened templates for Kubernetes-based deployments.
• Integrate static and supply-chain scanning into CI for MCP servers.
• Automate checks in registration and deployment pipelines.
• Partner with agent teams for tool metadata linting, scope-to-tool mapping, and safety checks at the agent and gateway layers.
• Build and maintain vetted libraries, CLIs, shims, and middleware for token validation, scope evaluation, logging, and egress controls.
• Lead cross-functional technical design with other Trimble security and platform teams.

🎯 Requirements

• Deep hands-on expertise with OAuth2/OIDC, scopes, consent, and token validation patterns.
• Experience evolving toward enforceable scopes at the authorization server.
• Understanding Kubernetes architecture and platform engineering fundamentals, including container security, service identity, and secret management.
• Understanding of the current agent/MCP ecosystems and AI-specific risks, with a bias for controls at the tool, agent, and layers rather than intrusive network overseers.
• Proficiency in one or more of: Python, TypeScript, .NET, or Java for platform, services, and tooling.
• Ability to choose the right tool for the component.
• Experience translating security policy into policy-as-code and enforcing it through code-written integrations is a plus.
• Specialized depth in security-focused application development with the ability to lead others on complex issues.
• Works independently, receives guidance only on the most complex situations.
• Communicates difficult concepts, negotiates trade-offs, and influences across teams.
• Interprets business and regulatory challenges to recommend best practices with the ability to explain them to non-technical staff.

🏖️ Benefits

• Health insurance
• Professional development opportunities
