Jobs · Information Technology · California

Product Security Engineer

StackAI · San Francisco, CA · 1 mo ago
HybridInformation Technology$157k–$220k/yrFull-time

About The Role

At StackAI, security is how we earn the trust of the enterprises building AI assistants on our platform. We're hiring a hands-on (Senior) Product Security Engineer to design, build, and harden the secure architecture at the core of the product, working as a technical partner to our Core engineering lead. This is a hands-on engineering role.

What You'll Do

  • Own encryption and signing. Take ownership of our KMS, key management, BYOK, envelope encryption, and signing pipeline across both cloud and on-prem deployments—operating, hardening, and evolving them as the platform scales.

  • Protect the most sensitive customer data. Extend our PHI/PII scrubbing and strengthen the data-protection foundations that regulated enterprises already rely on.

  • Secure the storage layer. Own encryption at rest and tenant isolation.

  • Keep security the default in how we ship. Maintain and expand the secure-by-default templates and reference implementations embedded in our SDLC—the ones engineers actually want to adopt.

  • Threat-model the platform. Lead threat modeling on the seams between systems (the execution engine, connector trust boundaries, and multi-tenant isolation), using modern, AI-assisted threat-modeling tooling.

  • Raise the bar on tooling. Push our scanning further on coverage, signal, and CI enforcement, so critical findings never reach production.

  • Be the technical point of contact for security standards. Translate audit, compliance, and incident-response requirements into real implementation in our codebase.

What We're Looking For

  • 4+ years building security-critical systems in production, with significant time spent implementing, not only reviewing or assessing.

  • Practical depth in cryptography and key management: encryption, KMS, secrets handling, and signing in real systems.

  • Secure architecture judgment: you can design and reason about secure systems and hold your own as a technical peer with senior engineers.

  • Multi-tenant SaaS isolation experience, including the data-isolation guarantees regulated customers require.

  • Strong secure-coding skills in our stack: Python on the backend, TypeScript/Node.js on the product surfaces.

  • Comfortable wiring security checks and gates into CI/CD so security is enforced automatically in the pipeline.

Bonus Points

  • Cloud and API security fundamentals on GCP, Azure, or AWS.

  • Securing on-prem, self-hosted, or air-gapped deployments.

  • Experience in regulated domains (healthcare/PHI, finance, etc.).

  • Familiarity with AI/LLM platform security: agent execution, connector trust boundaries, prompt and tool-call risk.

  • Startup or growth-stage experience.

Compensation Range

$157K - $220K

Similar jobs

Product Security Engineer

Aras CorporationAndover, MA· 2 wk ago
Information Technology$100k–$125k/yrapply on aras.bamboohr.com

Product Security Engineer

ID.meSan Francisco Bay Area· 3 wk ago
Information Technology$168k–$200k/yrapply on job-boards.greenhouse.io