Staff Product Security

About the Role

We’re looking for a Staff Product Security Engineer to lead the design and implementation of secure, scalable, and trustworthy products spanning AI, data, and cloud-native systems. You’ll work closely with engineering, data science, and infrastructure teams to embed security by design throughout the product lifecycle. This role sits at the intersection of AI/ML security, secure product development, and container/cloud-native protection, helping define the architecture, automation, and frameworks that enable secure, intelligent products at scale.

What You’ll Do

• Embed robust security practices throughout the software and AI development lifecycle (SDLC).
• Lead secure design reviews, threat modeling, and risk assessments for AI-driven products, APIs, and backend services.
• Partner with engineering and product teams to ensure security, privacy, and compliance by design.
• Build and maintain security automation and governance frameworks that integrate seamlessly into development workflows.
• Architect and enforce security controls for AI/ML systems, including model training, data pipelines, and inference environments.
• Identify and mitigate AI-specific attack vectors such as data poisoning, model inversion, prompt injection, and model theft.
• Collaborate with governance and compliance teams to align with ethical AI principles and frameworks like NIST AI RMF and the EU AI Act.
• Implement model provenance, integrity, and auditability controls to ensure responsible and secure AI operations.
• Partner with DevOps and SRE teams to secure service meshes, container networking, and secrets management.
• Drive software supply chain security, including artifact integrity, dependency management, and vulnerability reduction.
• Build internal frameworks for continuous assurance and real-time vulnerability management.
• Define and maintain reference security architectures for microservices, APIs, and AI-powered systems deployed in the cloud.
• Mentor teams on secure coding, containerization best practices, and AI risk management.
• Promote a security-first culture through advocacy, documentation, and training.
• Represent product security in cross-functional initiatives and leadership discussions.

What We Are Looking For:

Required:

• 7+ years of experience in product, application, or cloud security engineering.
• Deep understanding of secure SDLC, threat modeling, and secure architecture design.
• Proven expertise with AWS cloud security concepts and best practices.
• Strong experience with container security, orchestration, and runtime protection.
• Proficiency in Python, Java, and/or JavaScript for security automation, code review, and tooling.
• Experience securing AI/ML pipelines, data workflows, or model-serving infrastructure.
• Familiarity with DevSecOps and continuous integration/deployment environments.

Nice to Have:

• Experience with GCP or Azure cloud platforms.
• Knowledge of AI and LLM security
• Experience with software supply chain security and artifact integrity verification.
• Familiarity with compliance and governance frameworks (SOC 2, ISO 27001, NIST 800-53, NIST AI RMF).
• Certifications such as CKS (Certified Kubernetes Security Specialist), CISSP, CSSLP, or AI/ML-focused security credentials.