Founding Product Security Engineer
About the role
Arena Intelligence is seeking a Founding Product Security Engineer to lead the strategy, design, and hands-on implementation of the systems that protect Arena from attackers and keep our platform trustworthy as we scale. You will work across product, infrastructure, and data pipelines to proactively identify risks, embed security into core features, and build the platform primitives — identity, session, behavioral signals, secure APIs, model-inference-path controls — that every other team at Arena builds on top of. This is a builder role. Your work will directly influence how the world's top AI labs, developers, and millions of users experience Arena, ensuring we remain resilient against real-world attacks and evolving threats.
Responsibilities
Own the product security vision for Arena, ensuring security and trust are core to every stage of our product lifecycle
Design and implement the identity, authentication, authorization, and account-lifecycle systems that protect Arena against credential stuffing, account takeover, and API-key compromise
Secure the model inference path end-to-end — provider credential handling, API gateway, rate limiting, quota enforcement, and protections against secret and prompt exfiltration
Lead threat modeling and security architecture reviews for new and existing product features
Collaborate with infrastructure and product engineering to design secure APIs, data flows, and identity systems that scale
Improve developer velocity by creating secure-by-default frameworks, libraries, and tooling for internal teams
Apply adversarial thinking to continuously test and evolve platform defenses
Stay ahead of the curve by monitoring emerging attack techniques and applying cutting-edge security research to our platform
Mentor engineers across the company on secure coding practices, architecture trade-offs, and operational security
Requirements
6+ years of experience in software engineering or security engineering, including staff-level scope in securing large-scale, user-facing platforms
Strong experience with threat modeling, secure architecture design, and risk assessment
Hands-on experience building security features into production systems at scale (millions of DAU / billions of requests)
Deep knowledge of authentication, authorization, and identity systems, including session management and credential-abuse resistance
Strong knowledge of distributed systems security, API security, and secure data-pipeline design
Proficiency in backend development (Node.js, TypeScript, Python, or Go) and willingness to work across the stack when needed
Excellent communication skills, able to build alignment across engineering, product, and leadership teams
Bonus points
Experience securing AI/ML inference paths, API gateways, or high-volume public APIs
Experience building behavioral-signal or fingerprinting platforms used by trust & safety or abuse teams
Contributions to open-source security tools or research
Experience leading security incident response end-to-end, including blameless postmortems at a company with meaningful external exposure