[Remote] Product Security Engineer

Note: The job is a remote job and is open to candidates in USA. StackAI is focused on building trust with enterprises developing AI assistants on their platform, and they are seeking a hands-on Senior Product Security Engineer. The role involves designing and hardening secure architecture, owning security-critical systems, and ensuring security is integrated into the development lifecycle.

Responsibilities

• Own encryption and signing. Take ownership of our KMS, key management, BYOK, envelope encryption, and signing pipeline across both cloud and on-prem deployments—operating, hardening, and evolving them as the platform scales
• Protect the most sensitive customer data. Extend our PHI/PII scrubbing and strengthen the data-protection foundations that regulated enterprises already rely on
• Secure the storage layer. Own encryption at rest and tenant isolation
• Keep security the default in how we ship. Maintain and expand the secure-by-default templates and reference implementations embedded in our SDLC—the ones engineers actually want to adopt
• Threat-model the platform. Lead threat modeling on the seams between systems (the execution engine, connector trust boundaries, and multi-tenant isolation), using modern, AI-assisted threat-modeling tooling
• Raise the bar on tooling. Push our scanning further on coverage, signal, and CI enforcement, so critical findings never reach production
• Be the technical point of contact for security standards. Translate audit, compliance, and incident-response requirements into real implementation in our codebase

Skills

• 4+ years building security-critical systems in production, with significant time spent implementing, not only reviewing or assessing
• Practical depth in cryptography and key management: encryption, KMS, secrets handling, and signing in real systems
• Secure architecture judgment: you can design and reason about secure systems and hold your own as a technical peer with senior engineers
• Multi-tenant SaaS isolation experience, including the data-isolation guarantees regulated customers require
• Strong secure-coding skills in our stack: Python on the backend, TypeScript/Node.js on the product surfaces
• Comfortable wiring security checks and gates into CI/CD so security is enforced automatically in the pipeline
• Cloud and API security fundamentals on GCP, Azure, or AWS
• Securing on-prem, self-hosted, or air-gapped deployments
• Experience in regulated domains (healthcare/PHI, finance, etc.)
• Familiarity with AI/LLM platform security: agent execution, connector trust boundaries, prompt and tool-call risk
• Startup or growth-stage experience

Company Overview

Company H1B Sponsorship