Software Engine

About StepSecurity

StepSecurity prevents, detects, and responds to software supply chain attacks by analyzing behavior across the full software development lifecycle for both developers and AI coding agents. We are building a vertical AI agent for supply chain security across three pillars: securing AI agents on developer machines, OSS package security, and CI/CD security, covering the entire agentic pipeline from dev environment to cloud.

Founded by Varun Sharma (ex-Microsoft, 21 years, led supply chain security for Azure) and Ashish Kurmi (ex-Uber, Microsoft, Plaid, 17 years), we are a 16-person team working on hard problems at the intersection of security, AI, and open source.

Why this role is exciting

• We are at the forefront of supply chain security research and product development. We were the first to detect several major supply chain attacks in 2025 and 2026, including the axios npm compromise and tj-actions. (
• Our res...