# Security Engineer, Anti-Abuse

**Company:** [Arena](https://hotfix.jobs/companies/arena)
**Location:** San Francisco, CA, California
**Role:** Security Engineering
**Experience:** 6+ years
**Skills:** SQL, Node.js, TypeScript, Python, Go, Llm Security, Jailbreak Detection, Bot Detection, Sybil Detection, Data Analysis
**Posted:** 2026-04-22

> Builds detection, enforcement, and investigation systems to protect AI evaluation platform from abuse, bots, sybils, rating manipulation, and AI-specific harms like jailbreaks. Requires 6+ years production engineering under adversarial conditions, strong SQL, backend proficiency.

## Job Description

## Responsibilities

- Own the abuse vision for Arena: what gets detected, what gets enforced, how fast, and with what false-positive budget
- Design and operate detection for bots, sybils, coordinated inauthentic voting, and rating-system manipulation
- Build enforcement primitives (rate limits, challenges, shadowbans, account actions, model-side refusals) that are reversible, auditable, and humane
- Detect and mitigate inference abuse and cost exploitation at the platform layer
- Build jailbreak and multi-provider misuse detection across the models Arena serves, and partner with model-provider trust & safety teams on signal-sharing and escalation
- Scope and implement abuse monitoring for every new product launch — web search, web fetch, live site deployment, and whatever's next — as part of the launch checklist
- Prototype and mature into production systems of detection, review, and enforcement for the highest-severity harms (CSAM/NCII, violent extremism, self-harm), including the legal reporting pipeline (e.g., NCMEC)
- Build internal investigator tooling so policy, on-call, and future T&S analysts can triage incidents without engineering bottleneck
- Partner with Security on shared surface — account takeover, credential stuffing, API-key abuse, and the identity/behavioral-signal platform
- Partner with policy, legal, and leadership on acceptable-use policy, enforcement escalations, and public-integrity narrative

## Requirements

- 6+ years of production software engineering experience, including building and operating systems under adversarial conditions
- Shipped experience in at least one of: trust & safety, anti-abuse, anti-fraud, anti-spam, integrity, or risk engineering
- Strong SQL and data-analysis skills — this role is 30%+ pattern-finding and investigation, not just shipping code
- Adversarial and investigative mindset — you can articulate a novel attack before designing the defense, and follow evidence when a novel harm surfaces
- High judgment on false-positive cost, user harm, and the reversibility of enforcement actions
- Proficiency in a modern backend language (**Node.js**, **TypeScript**, **Python**, or **Go**)
- Excellent communication — you'll build alignment with engineering, product, policy, and leadership routinely

## Nice-to-Haves

- Experience with LLM-specific adversarial inputs — jailbreaks, direct and indirect prompt injection, tool-use abuse
- Experience with agent safety, browser-automation abuse, or LLM-API abuse
- Background in securing voting, rating, reputation, or marketplace platforms against coordinated manipulation
- ML or ML-systems experience — feature engineering, online/offline evaluation, label acquisition, drift handling
- Experience building investigator or analyst tooling used by non-engineers
- Contributions to open-source trust & safety, abuse-detection, or adversarial-ML work
- Background in gaming integrity, ad-fraud, or financial-crime engineering at scale

## Similar roles

- [Senior Software Engineer](https://hotfix.jobs/jobs/2ad28874-4486-42ff-949a-ec54985c2762) - Snowflake - Bellevue, WA - $200k – $288k/yr
- [Software Security Engineering Manager, Secure Frameworks](https://hotfix.jobs/jobs/26e1ecde-76c2-491f-951c-78e9c075c076) - Anthropic - San Francisco, CA - $405k – $485k/yr
- [Founding Security Engineer](https://hotfix.jobs/jobs/6deb6526-e0c3-42a9-9c29-360c4354d869) - Forus - New York, NY
- [Manager, Supply Chain Protection & Loss Intelligence](https://hotfix.jobs/jobs/9e3a84ce-58cf-480f-bf1d-6fefa2cf89bf) - Flexport - Miami, FL
- [Physical Security Manager](https://hotfix.jobs/jobs/053f4772-7be2-438c-b890-e7752ae44a12) - Crusoe - Dallas, TX

**Apply:** https://hotfix.jobs/jobs/3cf13926-055f-4040-ab92-d8d2abe9c25c
**Canonical:** https://hotfix.jobs/jobs/3cf13926-055f-4040-ab92-d8d2abe9c25c