Jobs · Information Technology · California

Founding Product Security Engineer

Arena · San Francisco Bay Area · 6 mo ago
HybridInformation Technology$150k–$350k/yrFull-time

About the role

Arena Intelligence is seeking a Founding Product Security Engineer to lead the strategy, design, and hands-on implementation of the systems that protect Arena from attackers and keep our platform trustworthy as we scale. You will work across product, infrastructure, and data pipelines to proactively identify risks, embed security into core features, and build the platform primitives — identity, session, behavioral signals, secure APIs, model-inference-path controls — that every other team at Arena builds on top of. This is a builder role. Your work will directly influence how the world's top AI labs, developers, and millions of users experience Arena, ensuring we remain resilient against real-world attacks and evolving threats.

Responsibilities

  • Own the product security vision for Arena, ensuring security and trust are core to every stage of our product lifecycle

  • Design and implement the identity, authentication, authorization, and account-lifecycle systems that protect Arena against credential stuffing, account takeover, and API-key compromise

  • Secure the model inference path end-to-end — provider credential handling, API gateway, rate limiting, quota enforcement, and protections against secret and prompt exfiltration

  • Lead threat modeling and security architecture reviews for new and existing product features

  • Collaborate with infrastructure and product engineering to design secure APIs, data flows, and identity systems that scale

  • Improve developer velocity by creating secure-by-default frameworks, libraries, and tooling for internal teams

  • Apply adversarial thinking to continuously test and evolve platform defenses

  • Stay ahead of the curve by monitoring emerging attack techniques and applying cutting-edge security research to our platform

  • Mentor engineers across the company on secure coding practices, architecture trade-offs, and operational security

Requirements

  • 6+ years of experience in software engineering or security engineering, including staff-level scope in securing large-scale, user-facing platforms

  • Strong experience with threat modeling, secure architecture design, and risk assessment

  • Hands-on experience building security features into production systems at scale (millions of DAU / billions of requests)

  • Deep knowledge of authentication, authorization, and identity systems, including session management and credential-abuse resistance

  • Strong knowledge of distributed systems security, API security, and secure data-pipeline design

  • Proficiency in backend development (Node.js, TypeScript, Python, or Go) and willingness to work across the stack when needed

  • Excellent communication skills, able to build alignment across engineering, product, and leadership teams

Bonus points

  • Experience securing AI/ML inference paths, API gateways, or high-volume public APIs

  • Experience building behavioral-signal or fingerprinting platforms used by trust & safety or abuse teams

  • Contributions to open-source security tools or research

  • Experience leading security incident response end-to-end, including blameless postmortems at a company with meaningful external exposure

Similar jobs

Product Security Engineer

StackAIUnited States· 1 mo ago
RemoteInformation Technology$157k–$220k/yrapply on jobs.ashbyhq.com

Product Security Engineer

CedarUnited States· 2 wk ago
RemoteInformation Technology$157k–$199k/yrapply on boards.greenhouse.io