Software Engineer, Security
Security engineer owning cross-cutting auth, authorization, and AI guardrail programs across product and infrastructure. Requires 10+ years shipping security-critical infrastructure and experience with AI/LLM protections.
What You'll Achieve
- Modernize and migrate authentication across Notion’s product surfaces (SAML/OIDC, OAuth flows, session semantics, passkeys, CSP, redirect handling), landing multi-quarter changes with clear rollout plans and minimal customer disruption.
- Build and operate Notion’s AI safety guardrail stack, including prompt-injection protections (vendor evaluation, deployment model decisions, integration with agents) and an external-source provenance system for AI-generated content across Mail, Calendar, and MCP.
- Advance our authorization platform direction by driving crisp architectural trade-offs (e.g., SpiceDB vs. Macaroons) and shipping reusable primitives that product teams can adopt without bespoke security work.
- By day 90: own one P0 security program end-to-end—RFC, rollout plan, partner alignment, execution, and measurable risk reduction—plus ship one piece of AI leverage (e.g., an internal security agent for triage/verification/continuous checks) that improves correctness and reduces time-to-resolution.
- By end of year 1: raise the bar on security engineering craft by setting clearer standards for secure primitives (auth/authz, provenance, domain posture), improving adoption paths for partner teams, and reducing recurring classes of vulnerabilities through better systems—not heroics.
Skills You'll Need to Bring
- Demonstrated ability to ship security-critical infrastructure in production systems (identity/authentication, authorization, platform primitives), including migrations that affect customers and require careful rollout and backwards compatibility.
- Strong judgment navigating ambiguous trade-offs (security vs. product velocity, correctness vs. ergonomics, centralized platforms vs. local autonomy), with a track record of writing clear RFCs and aligning cross-functional stakeholders.
- Experience building or operating AI/LLM security protections (e.g., prompt injection, tool/data provenance, policy enforcement) or a clear ability to ramp quickly and lead in an emerging domain.
- High agency and systems mindset: you proactively find the real constraint, unblock partner teams, and build primitives that compound across the org (not one-off fixes).
- Comfort mentoring and multiplying others—through intern/project ownership, enablement sessions, and pragmatic security guidance that engineers actually adopt.
Principal Infrastructure Security Engineer
Lead security architecture for Crusoe's AI cloud infrastructure, driving zero-trust adoption, workload identity, supply chain security, and hardware-to-software protections at hyperscale. Requires 12+ years infrastructure security experience at a major cloud provider.
Sr. Manager, Security Engineering
Lead the Security Engineering team responsible for defending the organization and product infrastructure. Manage Application, Infrastructure, and Corporate security while staying hands-on with alert triage, detection, and architectural design.
Systems Software Engineer, Security, First Party Hardware
Security Engineer owning end-to-end hardware, firmware, and system security for OpenAI's first-party AI accelerators and servers. Requires 7+ years in hardware/embedded security and strong systems programming skills.
Member of Technical Staff, Trust & Safety Engineer
Trust & Safety Engineer building red teaming systems, content moderation infrastructure, and safety tooling for generative AI models. Requires 3+ years software engineering experience with Python/TypeScript and comfort across the stack from model evals to AWS/GCP infrastructure.
Security Controls Assurance Lead
Lead security controls assurance for AI systems, defining control frameworks and requirements for autonomous AI operators while collaborating with engineering to validate implementations against compliance standards.