Engineering Manager, Agent & Product Security

Cursor Cursor · Coding AI · New York, NY · Engineering

Engineering Manager for Agent & Product Security at Cursor, focusing on making agentic software development trustworthy. The role involves leading a team to define and build security primitives for agent autonomy, including identity, delegated authority, policy enforcement, secure tool execution, and prompt-injection containment, directly impacting product strategy and customer adoption.

What you'd actually do

  1. Chart the path from supervised agents to trusted autonomous ones: define the security primitives that enable agent autonomy, and lead the team that builds them.
  2. Engineer the isolation that makes Cursor safe to run inside customers’ most valuable codebases: tenancy, workspace, secret, and data protections designed for real adversaries.
  3. Build the authority infrastructure autonomous agents need: identity, scoped permissions, policy enforcement, and secure tool execution, so an agent can hold real responsibility with verifiable limits and full accountability.
  4. Build customer-facing security controls that are understandable, usable, and strong enough for Cursor’s most security-sensitive customers, with crisp success metrics for security outcomes.
  5. Hire, coach, and grow a high-performing security engineering team while staying technically close to the work: write and review code where useful, and keep execution fast and technically grounded.

Skills

Required

  • Leading engineering teams shipping production systems
  • High security, reliability, or platform stakes experience
  • Product and systems judgment
  • Reasoning from user workflows to architecture, threat models, enforcement points, and operational tradeoffs
  • Understanding of modern application security, authorization, tenancy, identity, secrets, data isolation, and secure-by-default platform design
  • Instincts about AI agents, tool use, authority, prompt injection, exfiltration, and mitigations
  • Operating in ambiguity and setting strategy where precedent is thin
  • Partnering across product, infrastructure, ML, and customer-facing teams
  • Writing and reviewing code

Nice to have

  • Truth-seeking, passionate, and creative
  • Enjoying spirited debate, crazy ideas, and shipping code

What the JD emphasized

  • security-conscious engineering organizations
  • security models that future needs — identity and accountability for autonomous workers, standing authority rather than per-task permission, agent-to-agent trust, oversight that scales with always-on autonomy — mostly don’t exist yet
  • security boundaries between customers, data, tools, repositories, workspaces, and agent authority
  • decisions carry unusual weight
  • security here is tightly coupled to product strategy
  • agent autonomy as fast as we can make it trustworthy
  • security-sensitive customers
  • high security, reliability, or platform stakes
  • problem space where much of the answer isn’t written down yet
  • reason from user workflows to architecture, threat models, enforcement points, and operational tradeoffs
  • security as something that enables product capability
  • modern application security, authorization, tenancy, identity, secrets, data isolation, and secure-by-default platform design
  • AI agents: how they use tools, where authority should come from, how prompt injection and exfiltration show up in practice, and how to build mitigations that hold up against creative adversaries
  • operating in ambiguity: you can set strategy where precedent is thin

Other signals

  • agent autonomy
  • security primitives
  • identity and accountability
  • oversight that scales
  • secure tool execution
  • prompt-injection containment