Leads product security strategy, designs and implements identity, auth, and secure inference paths for a large-scale AI evaluation platform. Requires 6+ years securing user-facing systems with backend proficiency and threat modeling expertise.
210k – 320k/yr
Hybrid6+ YOESecurity Engineering
About the role
Responsibilities
Own the product security vision for Arena, ensuring security and trust are core to every stage of our product lifecycle
Design and implement the identity, authentication, authorization, and account-lifecycle systems that protect Arena against credential stuffing, account takeover, and API-key compromise
Secure the model inference path end-to-end — provider credential handling, API gateway, rate limiting, quota enforcement, and protections against secret and prompt exfiltration
Lead threat modeling and security architecture reviews for new and existing product features
Collaborate with infrastructure and product engineering to design secure APIs, data flows, and identity systems that scale
Improve developer velocity by creating secure-by-default frameworks, libraries, and tooling for internal teams
Apply adversarial thinking to continuously test and evolve platform defenses
Partner with incident response to quickly assess, contain, and remediate security events, and lead deep postmortems to improve defenses
Stay ahead of the curve by monitoring emerging attack techniques and applying cutting-edge security research to our platform
Mentor engineers across the company on secure coding practices, architecture trade-offs, and operational security
Requirements
6+ years of experience in software engineering or security engineering, including staff-level scope in securing large-scale, user-facing platforms
Strong experience with threat modeling, secure architecture design, and risk assessment
Hands-on experience building security features into production systems at scale (millions of DAU / billions of requests)
Deep knowledge of authentication, authorization, and identity systems, including session management and credential-abuse resistance
Strong knowledge of distributed systems security, API security, and secure data-pipeline design
Proficiency in backend development (Node.js, TypeScript, Python, or Go) and willingness to work across the stack when needed
Excellent communication skills, able to build alignment across engineering, product, and leadership teams
Nice-to-Haves
Experience securing AI/ML inference paths, API gateways, or high-volume public APIs
Experience building behavioral-signal or fingerprinting platforms used by trust & safety or abuse teams
Contributions to open-source security tools or research
Background in securing real-time, interactive platforms at scale
Experience leading security incident response end-to-end, including blameless postmortems at a company with meaningful external exposure
Third Party Risk Management and Customer Trust Lead
ReplitFoster City, CA
Lead substantive third-party risk management and customer trust programs at Replit, independently assessing vendor and AI model risks via SOC 2 reviews, architecture analysis, and contract redlining in partnership with Legal. Requires 8+ years GRC experience building scalable TPRM processes.
210k – 270k/yr
Hybrid8+ YOESecurity Engineering
Lead Security Engineer
AlembicSan Francisco, CA
Lead Security Engineer to own end-to-end system, network, and host security for an on-prem Kubernetes-based AI factory. Design controls, lead incident response, balance open culture with IP/customer data protection; requires 8+ years security engineering with deep Kubernetes, on-prem, and incident experience.
210k – 240k/yr
On-site8+ YOESecurity Engineering
Sr. Engineering Manager, Application Security
BettermentNew York, NY
Senior Engineering Manager leading Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.
210k – 250k/yr
Hybrid7+ YOESecurity Engineering
Senior Software Engineer, Fraud
ReplitFoster City, CA
Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.
210k – 265k/yr
Hybrid4+ YOESecurity Engineering
Senior Software Engineer, Risk
ReplitFoster City, CA
Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.