Skip to content
SecRoles

Product Security Engineer

StackAISan Francisco, CA, US · New York, NY, US · USJune 12, 2026
Hybrid
Full-time
Security Engineering
Senior · 4+ yrs

About the role

At StackAI, security is how we earn the trust of the enterprises building AI assistants on our platform. We're hiring a hands-on (Senior) Product Security Engineer to design, build, and harden the secure architecture at the core of the product, working as a technical partner to our Core engineering lead.

This is a hands-on engineering role. You'll write production code and own the security-critical systems the whole platform depends on: encryption and key management, customer data protection, and how security is built into the way every team ships.

If you want deep ownership of these systems and the chance to harden and scale them as the platform grows, we'd love to meet you.

What you'll do

  • Own encryption and signing. Take ownership of our KMS, key management, BYOK, envelope encryption, and signing pipeline across both cloud and on-prem deployments—operating, hardening, and evolving them as the platform scales.

  • Protect the most sensitive customer data. Extend our PHI/PII scrubbing and strengthen the data-protection foundations that regulated enterprises already rely on.

  • Secure the storage layer. Own encryption at rest and tenant isolation.

  • Keep security the default in how we ship. Maintain and expand the secure-by-default templates and reference implementations embedded in our SDLC—the ones engineers actually want to adopt.

  • Threat-model the platform. Lead threat modeling on the seams between systems (the execution engine, connector trust boundaries, and multi-tenant isolation), using modern, AI-assisted threat-modeling tooling.

  • Raise the bar on tooling. Push our scanning further on coverage, signal, and CI enforcement, so critical findings never reach production.

  • Be the technical point of contact for security standards. Translate audit, compliance, and incident-response requirements into real implementation in our codebase.

What we're looking for

  • 4+ years building security-critical systems in production, with significant time spent implementing, not only reviewing or assessing.

  • Practical depth in cryptography and key management: encryption, KMS, secrets handling, and signing in real systems.

  • Secure architecture judgment: you can design and reason about secure systems and hold your own as a technical peer with senior engineers.

  • Multi-tenant SaaS isolation experience, including the data-isolation guarantees regulated customers require.

  • Strong secure-coding skills in our stack: Python on the backend, TypeScript/Node.js on the product surfaces.

  • Comfortable wiring security checks and gates into CI/CD so security is enforced automatically in the pipeline.

Security engineering is broad. If you're strong on most of this and excited to grow into the rest, we'd like to hear from you, even if you don't check every box.
Bonus points

  • Cloud and API security fundamentals on GCP, Azure, or AWS.

  • Securing on-prem, self-hosted, or air-gapped deployments.

  • Experience in regulated domains (healthcare/PHI, finance, etc.).

  • Familiarity with AI/LLM platform security: agent execution, connector trust boundaries, prompt and tool-call risk.

  • Startup or growth-stage experience.

Job Details

Salary

$120,000 – $200,000/yr

Experience

Senior · 4+ yrs

Tools & Tech

Azure
GCP
Node.js
Python
TypeScript
Apply