
Principal Security Engineer, Product – AI
Posted Jun 21

This is a fully remote position, open to applicants in the United States.
• Oversee product security engineering for our payment platform by managing threat modeling, conducting security architecture reviews, implementing secure SDLC practices, and ensuring API security throughout the engineering organization.
• Contribute to the advancement of our AI security program by developing genAI controls, securing ML pipelines, and collaborating with the Model Risk Office for model assessments.
• Provide oversight for security architecture encompassing infrastructure and enterprise security—covering endpoint, network, VPN, and corporate security controls—ensuring technical standards are aligned across all security areas.
• Influence the scalability of security engineering across the organization through the development of tooling, frameworks, engagement with security champions, and partnerships within engineering.
• A minimum of 10 years of experience in security engineering with proven technical leadership across various security domains; or an equivalent mix of education and experience.
• Extensive knowledge in product security, including threat modeling, security architecture reviews, secure code assessments, API security, authentication/authorization design, and secure SDLC practices.
• Experience or a strong passion for AI/ML security—familiarity with risks such as adversarial attacks, model poisoning, prompt injection, data privacy, and threats to the AI supply chain. We seek someone who is genuinely enthusiastic about AI technology and is committed to its security, rather than merely its governance.
• Comprehensive security knowledge across infrastructure and enterprise security—covering endpoint protection, network security, identity management, and cloud security—even if your primary expertise lies in application and product security.
• Experience in cloud-native environments (AWS preferred) and knowledge of AI/ML services (such as Bedrock and SageMaker).
• Demonstrated ability to create security frameworks, tools, and programs from inception.
• Proficient programming skills in at least one language (Python, Java, Go, or similar) with the ability to read and assess code in multiple programming languages.
• Familiarity with security assessment methodologies and risk management frameworks.
• Working knowledge of compliance and control frameworks pertinent to financial services (PCI DSS, SOX, SOC2, NIST CSF).
• Capability to convey complex security risks to both technical and executive audiences.
• Multiple health insurance options.
• Flexible time off – take what you need.
• Retirement savings program with company contributions and after-tax contributions.
• Equity in a publicly-traded company along with an Employee Stock Purchase Program.
• Family-forming benefits, fertility assistance, and up to 20 weeks of Parental Leave.
• Complimentary therapy sessions, financial and professional coaching, and legal advice.
• Monthly stipend to support our remote work model.
• Annual “development dollars” to facilitate our employees' growth and development.
• Through Flex First, enjoy the flexibility to live and work wherever you and your family thrive.