Product Security Engineer
Product Security Engineers at AI companies sit within engineering organizations and own security across the software development lifecycle—threat modeling, secure code review, vulnerability management, and the security-relevant tooling that engineers depend on. In practice at AI companies, the role frequently extends past pure application security into the surrounding infrastructure and identity layers: securing CI/CD pipelines, designing IAM and secrets management for application access, and reviewing the cloud architecture the application runs on. The boundary with the infrastructure-side security role is genuinely blurry across the population, with most engineers in this slug doing both. AI-specific surfaces—LLM input handling, agent and tool-use boundaries, model-pipeline integrity—are emerging as a meaningful part of the work but sit alongside, not in place of, classical product security. These roles typically sit within security or product engineering organizations, partnering directly with developers to embed security into the build.
Skills
What companies are looking for in this role.
Designing and implementing security controls for infrastructure, compute, and identity systems across cloud platforms
Conducting threat modeling and security architecture assessments for complex systems and applications
Integrating security controls into CI/CD pipelines and infrastructure-as-code workflows
Implementing vulnerability scanning and remediation workflows including static and dynamic analysis tools
Conducting in-depth security code reviews and identifying exploitable vulnerabilities
Building and maintaining scalable data pipelines for security telemetry, logs, and observability
Architecting secure-by-default infrastructure using kernel-level security mechanisms and runtime policies
Designing and operationalizing secure software development lifecycle practices and processes
Building detection and response systems for identifying and remediating security threats at scale
Managing software supply chain security including artifact signing, provenance tracking, and dependency analysis
Designing and implementing abuse detection systems and automated enforcement mechanisms
Establishing and operating penetration testing programs and red team exercises
Building endpoint detection and response systems including kernel-based sensors
Conducting digital forensics investigations and supporting incident response workflows
Designing privacy-preserving systems and implementing data anonymization frameworks
Designing and implementing security controls for AI and machine learning systems and agents
Building guardrails and detection mechanisms for large language models and AI-generated content
Architecting agent security frameworks including sandboxing, permissioning, and execution boundaries
Implementing security controls for AI model artifact storage, data lineage, and model signing
Developing threat models and security strategies specific to machine learning pipelines and model training
Building security systems for agentic workflows including input validation and output monitoring
Designing attestation verification systems and consuming trust primitives from hardware
Collaborating with cross-functional engineering and product teams to embed security into systems from design phase
Translating complex security requirements and regulatory constraints into scalable technical solutions
Communicating security vulnerabilities and architectural risks clearly to technical and non-technical stakeholders
Mentoring engineers and driving security adoption across organizations
Building and rolling out security programs from inception including tooling, standards, and policies
Driving multi-month security initiatives independently from problem definition through execution
Evaluating and assessing third-party security tools, vendors, and platforms
Open Jobs
50 open Product Security Engineer jobs across 26 companies.
Other Engineering roles
General-purpose software engineering roles focused on building and maintaining software systems. Covers generalist SWE positions that don't clearly fall into frontend, backend, fullstack, or other specialized tracks.
Engineers focused on server-side systems, APIs, services, and data processing pipelines. Includes roles explicitly labeled as backend or server-side development.
Engineers specializing in user-facing interfaces, web applications, and client-side development. Includes UI/UX engineering and web development roles.
Engineers working across the entire application stack, handling both frontend and backend responsibilities.
Engineers building and maintaining internal platforms, cloud infrastructure, compute systems, and developer tooling.