Product Security Engineer
Product Security Engineers at AI companies sit within engineering organizations and own security across the software development lifecycle: threat modeling, secure code review, vulnerability management, and the security-relevant tooling that engineers depend on. In practice at AI companies, the role frequently extends past pure application security into the surrounding infrastructure and identity layers: securing CI/CD pipelines, designing IAM and secrets management for application access, and reviewing the cloud architecture the application runs on. The boundary with the infrastructure-side security role is genuinely blurry across the population, with most engineers in this role category doing both. AI-specific surfaces (LLM input handling, agent and tool-use boundaries, model-pipeline integrity) are emerging as a meaningful part of the work but sit alongside, not in place of, classical product security. These roles typically sit within security or product engineering organizations, partnering directly with developers to embed security into the build.
Skills
What companies are looking for in this role.
Designing secure software and hardware system architectures for mission-critical platforms
Conducting threat modeling and risk assessments for complex systems
Integrating security requirements throughout software development lifecycle processes
Building and implementing abuse detection systems at scale
Performing code security analysis and vulnerability scanning
Developing and maintaining comprehensive threat models of software systems
Implementing secure multi-tenant SaaS application architecture and tenant isolation
Building kernel-level security detection systems and endpoint monitoring solutions
Designing authentication and authorization protocols for enterprise systems
Designing automated response mechanisms and policy enforcement systems
Implementing software supply chain security and managing software artifacts securely
Conducting security code reviews and applying security patterns across codebases
Building and operating security detection tooling and infrastructure platforms
Integrating security scanning tools into continuous integration and deployment pipelines
Assessing and mitigating third-party integration security risks
Defining and implementing secure software development lifecycle processes
Analyzing attack patterns and translating findings into detection rules and improvements
Building security infrastructure that consumes hardware-based trust primitives
Architecting scalable data pipelines for security telemetry processing
Designing and implementing large language model guardrails and safety mechanisms
Building AI-powered detection systems that identify malicious patterns and classify threats
Architecting agentic system security controls including sandboxing and access control
Implementing model provenance, signing, and artifact integrity verification
Collaborating with cross-functional engineering and infrastructure teams on security integration
Establishing secure engineering standards and security mentorship programs across organizations
Communicating complex security concepts to diverse technical and non-technical audiences
Driving organizational alignment on security strategy and architecture decisions
Mentoring junior security engineers and fostering security culture
Balancing security requirements with product velocity and user experience
Supporting enterprise sales and compliance questionnaire responses
Open Jobs
50 open Product Security Engineer jobs across 31 companies.