Software Engineer

AI agents are becoming autonomous - they execute code, call APIs, and make decisions without human oversight. An adequate security approach to govern them doesn't exist yet. We're building it. Our founding team created Sigstore, the open-source signing standard now used by npm, PyPI, Kubernetes, and other critical infrastructure. We're applying that same thinking to agentic security: execution boundaries, immutable attestation, and dynamic capability management for AI agents.

We're looking for a Software Engineer to join an early, high-trust team. You'll work on nono - our open-source agent security runtime - alongside the founders and our growing team. This isn't a "junior ticket queue" role: you'll own meaningful pieces of the system, ship in the open, and have your work used by developers building real agentic systems. It's a role for someone earlier in their career but with unmistakable talent and a track record of doing excellent work in open source.

What You'll Do

• Ship on nono. Contribute core features, fixes, and tooling to our public runtime. Your commits, issues, and reviews are part of the product's public identity.
• Maintain our client libraries. Help keep nono's SDKs across Rust, Go, TypeScript, and Python healthy - feature parity, releases, docs, and issue triage.
• Build primitives for agent security. Work on execution interception, policy evaluation, attestation, and capability management under the guidance of senior engineers - learning the systems-level craft as you go.
• Work on our commercial security product. Alongside nono, we're building a security product for enterprise customers. You'll contribute across both - the open runtime and the product built on top of it.
• Help run our infrastructure. Share ownership of the systems that keep us running - CI/CD, build and release pipelines, observability, and the environments our product depends on. Small team, real responsibility.
• Engage with the community. Triage issues, review community PRs, write up design notes, and help external contributors land their first changes. Open source is a first-class surface for us, not an afterthought.
• Represent us publicly. We'll actively encourage you to speak at conferences and meetups, write blog posts, and represent Always Further in the open-source and agent-security communities. Your voice becomes part of how the company is known.
• Harden what we ship. Write tests, reproduce edge cases, chase down bugs in adversarial scenarios, and help raise the quality bar across the codebase.
• Learn in public. Pair with principal engineers on hard problems, ask questions freely, and turn what you learn into documentation and tooling that helps the next person.

What We're Looking For

• A proven open-source track record. You have public work we can read - meaningful contributions to projects you don't own, or projects of your own that other people actually use. You understand how good open-source communities operate: clear issues, reviewable PRs, kind and direct code review.
• Strong engineering fundamentals. You write clean, tested code and can reason about correctness, performance, and failure modes. You're not expected to be a kernel expert yet, but you're curious about systems and eager to go deeper.
• Comfort across a few languages. nono and its client libraries span Rust, Go, TypeScript, and Python. You don't need to be expert in all four, but you should be productive in at least one and happy to move between them.
• Security background is a real plus. You don't need one to apply, but if you've done appsec, offensive work, supply chain, or systems security, it'll translate directly into the problems we're solving. Either way, you should find adversarial thinking, threat modelling, and the weird behaviours that emerge when LLMs drive real systems genuinely interesting.
• AI-first, responsibly. We're an AI-first company - tools like Claude Code are part of how we build every day. We use them to move fast, but we take responsibility seriously: we understand their limits, review what they produce, and never cede ownership of the code.
• Clear communicator. You write well - in PR descriptions, issues, design docs, and Slack. You ask good questions and give thoughtful reviews.
• Self-directed. You can take a loosely specified problem, break it down, ask the right clarifying questions, and drive it to a shipped outcome without needing a manager in the loop every day.

How We Work

• Best idea wins. We're a small team. Good ideas come from anywhere and get tested against reality, not seniority.
• Intellectual humility. Nobody has all the answers in a space this new. We expect curiosity over ego.
• Rigorous peer review. We debate openly and hold each other to a high bar. The goal is the best outcome, not being right.

Why Join

• Real ownership, real impact. You'll ship code that's used by people building the next generation of agentic systems, and your name will be on the commits.
• Mentorship. You'll learn systems security, cryptography, and open-source craft from engineers who've done it at scale.
• Early-stage equity. As an early hire at a pre-seed company, you'll receive meaningful equity alongside a competitive base salary.
• Remote, UK preferred. We're UK-based but open to only exceptional candidates wherever they are. We provide flexible working built on trust and ownership.