[Remote] Product Security Engineer
Note: This is a remote position open to candidates in the USA. StackAI is focused on building trust with enterprises developing AI assistants on its platform and is seeking a hands-on Senior Product Security Engineer. The role involves designing and hardening secure architecture, owning security-critical systems, and ensuring security is integrated into the development lifecycle.
Responsibilities
- Own encryption and signing. Take ownership of our KMS, key management, BYOK, envelope encryption, and signing pipeline across both cloud and on-prem deployments—operating, hardening, and evolving them as the platform scales
- Protect the most sensitive customer data. Extend our PHI/PII scrubbing and strengthen the data-protection foundations that regulated enterprises already rely on
- Secure the storage layer. Own encryption at rest and tenant isolation
- Keep security the default in how we ship. Maintain and expand the secure-by-default templates and reference implementations embedded in our SDLC—the ones engineers actually want to adopt
- Threat-model the platform. Lead threat modeling on the seams between systems (the execution engine, connector trust boundaries, and multi-tenant isolation), using modern, AI-assisted threat-modeling tooling
- Raise the bar on tooling. Push our scanning further on coverage, signal, and CI enforcement, so critical findings never reach production
- Be the technical point of contact for security standards. Translate audit, compliance, and incident-response requirements into real implementation in our codebase
Skills
- 4+ years building security-critical systems in production, with significant time spent implementing, not only reviewing or assessing
- Practical depth in cryptography and key management: encryption, KMS, secrets handling, and signing in real systems
- Secure architecture judgment: you can design and reason about secure systems and hold your own as a technical peer with senior engineers
- Multi-tenant SaaS isolation experience, including the data-isolation guarantees regulated customers require
- Strong secure-coding skills in our stack: Python on the backend, TypeScript/Node.js on the product surfaces
- Comfortable wiring security checks and gates into CI/CD so security is enforced automatically in the pipeline
- Cloud and API security fundamentals on GCP, Azure, or AWS
- Securing on-prem, self-hosted, or air-gapped deployments
- Experience in regulated domains (healthcare/PHI, finance, etc.)
- Familiarity with AI/LLM platform security: agent execution, connector trust boundaries, prompt and tool-call risk
- Startup or growth-stage experience