Skip to content
ArenaArenaSan Francisco, CA

Founding Product Security Engineer

Leads product security strategy, designs and implements identity, auth, and secure inference paths for a large-scale AI evaluation platform. Requires 6+ years securing user-facing systems with backend proficiency and threat modeling expertise.

210k – 320k/yr
Hybrid6+ YOESecurity Engineering

About the role

Responsibilities

  • Own the product security vision for Arena, ensuring security and trust are core to every stage of our product lifecycle
  • Design and implement the identity, authentication, authorization, and account-lifecycle systems that protect Arena against credential stuffing, account takeover, and API-key compromise
  • Secure the model inference path end-to-end — provider credential handling, API gateway, rate limiting, quota enforcement, and protections against secret and prompt exfiltration
  • Lead threat modeling and security architecture reviews for new and existing product features
  • Collaborate with infrastructure and product engineering to design secure APIs, data flows, and identity systems that scale
  • Improve developer velocity by creating secure-by-default frameworks, libraries, and tooling for internal teams
  • Apply adversarial thinking to continuously test and evolve platform defenses
  • Partner with incident response to quickly assess, contain, and remediate security events, and lead deep postmortems to improve defenses
  • Stay ahead of the curve by monitoring emerging attack techniques and applying cutting-edge security research to our platform
  • Mentor engineers across the company on secure coding practices, architecture trade-offs, and operational security

Requirements

  • 6+ years of experience in software engineering or security engineering, including staff-level scope in securing large-scale, user-facing platforms
  • Strong experience with threat modeling, secure architecture design, and risk assessment
  • Hands-on experience building security features into production systems at scale (millions of DAU / billions of requests)
  • Deep knowledge of authentication, authorization, and identity systems, including session management and credential-abuse resistance
  • Strong knowledge of distributed systems security, API security, and secure data-pipeline design
  • Proficiency in backend development (Node.js, TypeScript, Python, or Go) and willingness to work across the stack when needed
  • Excellent communication skills, able to build alignment across engineering, product, and leadership teams

Nice-to-Haves

  • Experience securing AI/ML inference paths, API gateways, or high-volume public APIs
  • Experience building behavioral-signal or fingerprinting platforms used by trust & safety or abuse teams
  • Contributions to open-source security tools or research
  • Background in securing real-time, interactive platforms at scale
  • Experience leading security incident response end-to-end, including blameless postmortems at a company with meaningful external exposure

Skills

Threat ModelingAuthenticationAuthorizationIdentity SystemsApi SecurityNode.jsTypeScriptPythonGoDistributed SystemsApi GatewayRate LimitingSecure CodingIncident ResponseSecurity Architecture
Replit

Third Party Risk Management and Customer Trust Lead

ReplitFoster City, CA

Lead substantive third-party risk management and customer trust programs at Replit, independently assessing vendor and AI model risks via SOC 2 reviews, architecture analysis, and contract redlining in partnership with Legal. Requires 8+ years GRC experience building scalable TPRM processes.

210k – 270k/yr
Hybrid8+ YOESecurity Engineering
Alembic

Lead Security Engineer

AlembicSan Francisco, CA

Lead Security Engineer to own end-to-end system, network, and host security for an on-prem Kubernetes-based AI factory. Design controls, lead incident response, balance open culture with IP/customer data protection; requires 8+ years security engineering with deep Kubernetes, on-prem, and incident experience.

210k – 240k/yr
On-site8+ YOESecurity Engineering
Betterment

Sr. Engineering Manager, Application Security

BettermentNew York, NY

Senior Engineering Manager leading Application Security squad to build secure software by default through threat modeling, design reviews, vulnerability management, and developer tooling. Requires hands-on team leadership and expertise across the AppSec stack.

210k – 250k/yr
Hybrid7+ YOESecurity Engineering
Replit

Senior Software Engineer, Fraud

ReplitFoster City, CA

Build and operate AI-powered fraud and abuse detection systems on Replit's agentic platform. Design LLM guardrails, ML classifiers, and automated response mechanisms to combat phishing, cryptomining, and platform exploitation.

210k – 265k/yr
Hybrid4+ YOESecurity Engineering
Replit

Senior Software Engineer, Risk

ReplitFoster City, CA

Build and operate AI-powered abuse detection and response systems to protect Replit's platform from phishing, cryptomining, fraud, and LLM-specific attacks. Requires 4+ years in security/anti-abuse and strong Python/TypeScript + SQL skills.

210k – 265k/yr
Hybrid4+ YOESecurity Engineering