Application Security Engineer

PackageX

Islamabad, Pakistan
Posted on Apr 4, 2026

About PackageX:

PackageX is the execution layer for physical AI in enterprise logistics. We enable enterprises to see, understand, and execute real-world logistics operations in real time using Vision-Language-Action intelligence.

We sit between systems of record (ERP, WMS, TMS) and the physical world, turning cameras, people, and automation into deterministic, auditable workflows. Rather than replacing existing systems, PackageX makes them operationally intelligent.

We start with inbound receiving, the highest-friction choke point in logistics, and expand across adjacent workflows, sites, and automation modes. This creates a workflow-led enterprise expansion motion that compounds inside complex operations.

We're a fast-growing pre-Series A stage startup in New York City with a distributed global team backed by Bullpen Capital, Pritzker Group, Sierra Ventures, Ludlow Ventures, MXV Capital, and NSV Wolf Capital.

What We Are Looking For

We’re looking for a security engineer who is serious about their craft and genuinely curious about where the field is heading. This role sits at the intersection of traditional application security and the new challenges that come with building AI-powered products. You’ll own security end-to-end, from hardening our cloud infrastructure and reviewing code, to thinking through what it means to secure systems that use large language models. You don’t need to have done this exact job before, but you should be the kind of engineer who stays curious, learns fast, and cares deeply about getting things right.

You will:

  • Own security across the SDLC from threat modeling during design, to security reviews during development, to vulnerability scanning in CI/CD. You’ll use modern tooling (including AI-powered scanners where they genuinely help) to keep pace with a fast-moving engineering team
  • Conduct vulnerability assessments and penetration tests across our web applications, APIs, and infrastructure. You’ll identify issues before attackers do, document findings clearly, and work directly with developers to get them fixed
  • Write and maintain security policies that engineers will actually follow: clear, practical, and grounded in how the team actually works, not copied from a compliance template
  • Think carefully about the security risks that come with AI-powered products, such as prompt injection, sensitive data leaking through model outputs, and how to keep our LLM integrations safe for customers. This is a newer area, and you’ll be helping us figure it out as we go
  • Report on security posture to engineering leadership, tracking gaps, trends, and open issues in a way that helps the team prioritize and act, not just tick compliance boxes
  • Review code for security issues and work closely with developers to fix them, building habits and processes so security feedback becomes a normal part of how the team ships, not a last-minute blocker
  • Define and maintain security standards for how we build and deploy software, writing clear guidelines, putting automated checks in place, and making it easy for engineers to do the right thing by default
  • Build automation that makes security work scale — whether that’s smarter alerting, faster triage, or tooling that helps developers catch and fix issues without needing a security engineer in every conversation
  • Participate in product and engineering design discussions — raising security concerns early, helping the team understand the risks, and finding solutions that don’t slow down shipping
  • Embed security into our CI/CD pipelines and development workflows — reducing the time between finding a vulnerability and getting it fixed, and making security a shared responsibility across the engineering team
  • Keep up with how the security landscape is evolving — particularly as AI becomes a bigger part of how software is built and attacked. You’ll bring that knowledge back to the team and help us stay ahead of new threats


Skills and Qualifications:

  • A degree in Computer Science, Information Security, or a related field
  • 3+ years of hands-on experience in application security or security engineering
  • Proven ability to build, manage, and monitor security in production environments where reliability matters — you’ve operated under pressure, handled incidents, and know what it takes to keep systems safe at scale
  • Solid experience securing web applications, APIs, and cloud infrastructure — covering areas like intrusion detection, access control design, incident response, and security policy development. You know the fundamentals well and can apply them in a real product context
  • Experience with static and dynamic code analysis. You’ve worked with SAST and DAST tools, know their limitations, and can help developers actually act on what those tools surface rather than just generating noise
  • Familiarity with modern cloud architectures, serverless, microservices, and API-first designs. Bonus if you’ve thought about what it means to secure systems that call LLM APIs or handle AI-generated outputs as part of their core workflow
  • Strong understanding of OWASP Top 10 vulnerabilities and how to defend against them. Familiarity with the OWASP Top 10 for LLMs is a plus; we’re building AI-powered products and need someone who can think through what that means for security
  • Good understanding of RESTful API security, authentication, authorization, rate limiting, and input validation. Our platform is API-heavy, and we need someone who can spot the common mistakes and knows how to prevent them
  • Strong experience in penetration testing and vulnerability analysis. You can run an assessment end-to-end, write up findings that people actually read, and follow through until issues are resolved — not just hand over a report and move on
  • Experience working with AWS and/or GCP, securing cloud infrastructure, managing IAM policies, and understanding how cloud-native services introduce their own security considerations. We run primarily on AWS


What can you expect from the application process?

All applications will be looked at by the People team, who will reach out to shortlisted candidates. Across various interview rounds, you'll speak with the hiring manager and other functional heads. We want to have an open discussion about your work and how we can be a great fit. The process may also involve an assessment or presentation relevant to the role. You can expect an offer after three rounds of interviews. All offers are subject to satisfactory reference and background checks.

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.