Careers

AI got autonomy. Defense didn't.

AI agents act on behalf of more than a billion people every day. The independent layer that keeps them honest does not exist yet. We are building it. Five founding roles are open.

The mission

Defense for the agent economy.

The stakes

The agent economy will move 15 trillion dollars by 2030. The infrastructure to keep those agents honest does not exist. Banks have audit trails. Courts have evidence. AI agents have neither. We are the layer that makes them accountable.

Why now

Every era of computing needed an independent trust layer. SSL/TLS for the web. Zero Trust for cloud. The agent economy needs one too. Without it, every breach is a forensic exercise after the damage. With it, the damage is preventable.

Vigil

We are that layer. One Rust engine running on every surface where AI acts. Local-first. Cryptographically verifiable. Protocol-backed. We do not watch. We defend.

Who we hire

The people we hire understand what is at stake. They build for correctness over velocity. They hold a hard line on voice and design. They see attacks before the adversary does. If you are reading this and the work matters to you, write to us.

Build: v2.1.0 live
Base: SF, Singapore or remote
Reports to: Founders, direct

Own the Gateway. Own the proxy.

You will write Rust that intercepts every AI call a customer makes, on every provider, at network layer. If it breaks, we are blind. If it adds latency, customers feel it. The bar is high.

Vigil is at v2.1.0 on main. Eleven Rust crates plus vigil-cloud. Two hundred forty-nine tests green. Singapore-region Fly.io deployment. Tauri menu bar app on macOS, Chrome extension shipped. The proxy works today. The Gateway and the Cloud Agent Registry are next.

What you own
  • The Gateway production surface. TLS-intercepting proxy at network layer. Drop-in for developers. p99 under 10ms is a target you defend, not a hope.
  • The Cloud Agent Registry. Coverage layer for the AI that runs when the user is not present. Honest about what is and is not covered.
  • The Rust monorepo. Eleven crates plus vigil-cloud. You will write code, review code, and decide what does not get written.
  • The deploy chain. Fly.io Singapore, Supabase, Vercel. Production discipline. Migrations first. Smoke tests always.
Who you are
  • Senior Rust. You have shipped Axum or Actix in production at meaningful traffic. You can read someone else's tokio code and tell them where the deadlock will happen.
  • You think in latency budgets. p99 is a number you defend, not a number you discover at incident time.
  • You have opinions about TLS, certificate handling, and where the trust boundary sits. You can explain root CA installation to a non-technical user without making them nervous.
  • You read RFCs before blog posts. You have written code that depends on someone else getting an RFC right.
  • You hold the whole system in your head and still ship in days.
Bonus signal
  • Security or networking background. Not required. Shows in the code if you have it.
  • You have worked on systems where someone would lose money or reputation if they broke.
  • You have shipped on Apple Silicon and know the difference between MLX and ONNX without checking.
How to apply
Email careers@runvigil.ai with subject INFRA. Send a link to code you wrote. A repo, a commit, a benchmark, a postmortem. No CV needed if the code is enough.

Defend the defender. Hunt at scale.

Four statistical detection models in production. None of them are LLMs. That is not an oversight. That is the thesis. Our defense layer cannot itself be prompt-injected. Your job is to keep it that way and make the detection sharper.

The detection architecture is locked. Isolation Forest for anomaly detection. LSTM for sequence prediction. Multi-window CUSUM for drift. Bayesian correlation network for cross-dimensional anomalies. Three open standards filed with NIST (docket 2025-0035): VOAF for audit format, TAP for agent identity, VARP for revocation. You will sharpen the models, harden the surfaces, and stand behind the standards.

What you own
  • Detection architecture. Four anomaly models in production. Tuning, evaluation, false-positive triage. New surfaces as the platform extends.
  • Red team against ourselves. The proxy, the Execution Gate, the Kill Switch. Find what we missed before an adversary does.
  • Threat research. Real adversaries, not theoretical ones. This work feeds WARDEN, the threat-intel layer that providers cannot credibly run on themselves.
  • NIST docket coordination. VOAF, TAP, VARP technical correspondence. Standards body engagement where it touches detection or revocation.
Who you are
  • You have done detection at scale. Google, OpenAI, Meta, Cloudflare, a serious blue team, or a serious offensive team. Or you have published threat research that other people cite.
  • You can read a packet capture and a proxy log and tell the same story from both. You understand the difference between "alert" and "signal."
  • You understand why we do not use an LLM to make a security decision. You can explain it in one sentence to a non-technical investor.
  • You have written, or broken, something a regulator cared about.
Bonus signal
  • Prior CVE attribution or published research with citations.
  • Standards body experience (IETF, W3C, NIST, ISO).
  • You know what "scope equals AI action type, not topic" means and you can defend the choice.
How to apply
Email careers@runvigil.ai with subject SEC. Send a research write-up, a repo, a disclosure, or a postmortem. The work is the application.

Make the standards stick.

TAP, VARP, VOAF are filed with NIST. Their value scales with non-Vigil adoption, not with ours. You will be the person who makes that adoption happen. The protocol moat does not become structural without this role.

Three open standards. One NIST docket (2025-0035). Four partnership targets in the next 180 days: LangChain TAPAgent, Anthropic MCP integration, Cloudflare AI Gateway, and tier-2 cloud defaults (Fly, Railway, Replit, Vercel). The brief is to land at least one of these by July 17, 2026, and two by year-end.

What you own
  • TAP, VARP, VOAF adoption. The three open standards. Technical correspondence with NIST on docket 2025-0035. Specification updates as the ecosystem comments back.
  • Framework partnerships. LangChain TAPAgent. LangGraph. Anthropic MCP integration. The work is half technical and half political. You will draft PRs and chair calls in the same week.
  • Cloud platform partnerships. Cloudflare AI Gateway. Fly, Railway, Replit, Vercel. Default TAP support at the platform layer is the fastest path to network effect.
  • Regulatory dialogue. Singapore (EDB, IMDA). EU AI Act tracking. Colorado AI Accountability Law. You will brief regulators and translate their language back into the spec.
Who you are
  • Standards body experience. W3C, IETF, NIST, ISO, or equivalent. You have shipped a specification that other people implemented.
  • Protocol design background. You can read a draft RFC and tell whether it will survive working-group review.
  • You sit in an engineering room and a policy room on the same afternoon and contribute to both. Neither room thinks you are out of place.
  • You understand why protocol value is in non-Vigil adoption. FICO did this with credit. DigiCert with certificates. We are doing it for agents. That argument lands for you immediately.
  • You have driven a partnership integration that resulted in a deployed product, not a press release.
Bonus signal
  • Prior agent identity, cryptography, or PKI work.
  • Asia or EU regulatory exposure. Direct dialogue with EDB, IMDA, NIST, ENISA, or equivalents.
  • You have killed a bad specification on its way through a working group. Knowing what does not get standardised is half the job.
How to apply
Email careers@runvigil.ai with subject PROTOCOL. Send a link to a spec you authored or co-authored, and one paragraph on which of LangChain, MCP, Cloudflare, or tier-2 cloud you would land first and why. Skip the resume.

Distribution is the product. Until it is not.

Vigil's thesis is that the independent attestation slot in AI security is structurally empty. Owning that slot requires distribution. You will run it. Not "campaigns." Loops.

The brand is locked. The voice is sharp. The content pillars are defined: Threat Demonstrations, Technical Architecture, Founder Narrative, Standards. The CMO ran APAC marketing at YouTube and Red Bull. He is not looking for a coordinator. He is looking for someone who can run a content engine, ship reactive posts the same day, and build a referral loop that does not need paid air cover to work.

What you own
  • Weekly Brief distribution. Subscriber growth. Open rates. Forward rates. Citadel and Sovereign retention through Brief value.
  • Content velocity. Threat Demonstrations and Technical Architecture pillars. Four-week cadence as a floor, not a ceiling. Reactive posts within hours, not days.
  • Channels. LinkedIn, X, YouTube. Engineering audience first, consumer audience second. Paid acquisition only once unit economics justify it.
  • Referral mechanics. Founding member program. Sovereign tier waitlist. The economics of organic compounding.
Who you are
  • You have grown a brand from a small base to a real one. The number you point to is yours, not your employer's.
  • You write well. You can ship a piece a CISO and a curious twenty-five-year-old both read.
  • You think in distribution loops. You know the difference between a campaign and a system.
  • You can produce a thread, a video, and a landing page in the same week and ship all three.
  • You have a point of view on AI, security, or privacy. You have been thinking about this longer than the news cycle has.
Bonus signal
  • Security, privacy, developer tools, or fintech background.
  • You have run a newsletter that grew on its own merit.
  • You have shipped something that broke through without paid distribution.
How to apply
Email careers@runvigil.ai with subject GROWTH. Send links. Three pieces you shipped, the audience they reached, and the number you grew. No deck.

Land the US. Pipeline, not pitch decks.

Singapore and SEA are covered. The US is not. You will own US commercial from first conversation to closed deal: enterprise direct, B2B2C partnerships, channel. The independent attestation slot in AI security is structurally empty. The US buys it first or it buys it later, but it buys it. Your job is to make sure it buys it from us.

Our wedge in the US is simple. AI providers cannot credibly audit themselves. CISOs feel it every week. Regulators are starting to require it. You will sit across from those buyers and translate that thesis into signed contracts and live partnerships. You report to the CCO. You build the US commercial motion from a blank page.

What you own
  • US B2B2C partnership pipeline. Insurance, wealth management, healthcare, fintech, legal. Mirror of the work Toby is doing in SEA, sized for the US. Pricing is 2 to 5% of partner revenue, or $10 to $50 per end-user per year.
  • Enterprise direct. Fortune 500 security and compliance teams. CISO conversations. Six-figure-plus contracts where the buyer needs an independent layer the AI providers themselves cannot offer.
  • Strategic partnerships in the US. AWS, Anthropic, Cloudflare, LangChain, tier-2 cloud platforms. The Protocol & Standards Lead drives technical adoption. You drive commercial terms.
  • US regulatory dialogue. NIST docket 2025-0035 commercial implications. Colorado AI Accountability Law. California and New York AI legislation. Translating regulatory pressure into procurement triggers.
Who you are
  • Seven-plus years in security, compliance, or AI infrastructure commercial. CrowdStrike, Wiz, Cloudflare, Snyk, Okta, HashiCorp, Datadog, Snowflake, or equivalent. You have closed deals where the buyer cared more about the risk than the feature list.
  • You have a CISO Rolodex. You can name fifteen CISOs at Fortune 500 companies you have had real conversations with in the last eighteen months. Not LinkedIn connections. Conversations.
  • You understand the difference between selling a SIEM and selling an attestation layer. We are not a SIEM and we do not want to be one. If you cannot defend that distinction in front of a buyer, this is not your role.
  • You operate from the East Coast or the Bay Area. You travel. You can be in three cities in a week and still send the recap by Friday.
  • You write well. The first round of every deal here is written, not pitched.
Bonus signal
  • Prior AI governance, AI risk, or AI safety commercial experience.
  • You have sold into financial services, healthcare, or government. The regulated buyers are our wedge.
  • B2B2C and channel track record. Pure enterprise direct is welcome but not the whole job.
  • You have closed a deal that required a technical architecture review and a board-level risk review in the same quarter.
How to apply
Email careers@runvigil.ai with subject BD-US. Send three things: two deals you closed and what made them close, the names of three CISOs you would call this week, and your read on which US market segment we should attack first and why. Skip the resume.
How we work

The principles, not the perks.

01
Local-first
Every Vigil deployment runs on the user's device. There is no telemetry to a server we control. The user owns the keys. This is the architecture, not a feature, and it is not negotiable. If you are uncomfortable defending that constraint to investors, customers, or yourself, you should not be at Vigil.
02
Cryptographically verifiable
Every action Vigil takes generates a sealed audit record that survives without us. Auditors, courts, and insurers verify it without contacting Vigil. We trust math, not assertions. We ship code that holds up to forensic review, not press releases.
03
Engineering discipline
We root-cause every bug. Byte-identical builds across machines. Manual gates between commit and production. Detection spec locked, deviations blocked. We move slow at the boundaries that matter and fast where they do not. If the words "just ship it" make you nervous, we are aligned.
04
Mission-driven hiring
We hire for the work, not the framework or the salary. If AI accountability is the most important problem you can work on right now, you belong at Vigil. If it is one of several interesting options, you probably do not.
05
Singapore and Delaware
Operations in Singapore. Legal entity in Delaware. Global ambition, deliberate footprint. We hire where the right person is. The only constraint is overlap with Singapore, US east coast, or US west coast hours. We do not hire for hours on Slack. We hire for what shipped this quarter.
06
Senior-only, for now
Every hire is senior. Every hire owns a domain end to end. We are not building a team that needs management overhead. We are building one that ships. Junior hires come later, when there is mentorship structure to deserve them.

This is not the role for you if

You need a roadmap drawn for you.
You optimise for being agreeable.
You think "AI safety" is a slide topic.
You want hierarchy before output.
You have not shipped in two years.
You need a brand to point to before joining one.
You believe LLMs should make security decisions.
You want a job. Not a stake.

One email. One subject line.

Pick the role. Use the subject line on the role card. Send what you have shipped. We read every email. We reply within one business day.

careers@runvigil.ai
Need a different role?

The list is short on purpose. Write to us with what you would build here. We read every email. Vague pitches go unanswered. Specific ones get a reply within one business day.

careers@runvigil.ai
Platform: The AI defense platform for humans
Build: v2.1.0 · 362 tests · 11 crates · 31 endpoints · <10ms p99
Patents: VIGIL-2026-001 · VIGIL-2026-002
Regulatory: NIST docket 2025-0035 · mmk-190r-hvap