StackAI Verified
Artificial Intelligence, Machine Learning, Software Development, SaaS
Security Engineer
New York, New York, United StatesRemoteFull Time$100,000–$160,000 /yrPosted 2 months agoHidden Gem · YC Startup
Role summary
StackAI is seeking a hands-on Security Engineer to lead their security strategy across infrastructure, applications, and processes. This role involves designing and implementing security frameworks, building and managing a security team, and embedding security into the development lifecycle. The ideal candidate will have 4+ years of experience in security engineering, leadership experience in high-growth environments, strong risk and threat management skills, and expertise in cloud security (GCP, Azure, AWS) and API security. Familiarity with secure coding practices (JavaScript/TypeScript, Go, Node.js) and DevSecOps is also required. The position emphasizes compliance (SOC 2, ISO 27001) and incident response readiness.
## About this role
At StackAI, security is at the heart of empowering companies to build AI assistants quickly and securely. We’re looking for a hands-on security engineer to design and drive our security strategy across infrastructure, applications, and processes. You’ll build and lead a world-class security team, embed security into our development lifecycle, and ensure we meet the highest standards of compliance and customer trust. If you thrive in high-growth environments and want to shape the future of AI security, we’d love to meet you.
## Responsibilities
* **Design and Implement Security Frameworks**\
Drive the creation and execution of security measures across both infrastructure and application layers (Render.com, Vercel, GCP, Azure, Kubernetes), ensuring StackAI remains secure as we scale rapidly.
* **Shape the Security Vision**\
Define and roll out a comprehensive security strategy, embedding best practices across engineering and product teams to safeguard data and systems.
* **Build and Lead the Security Organization**\
Recruit, mentor, and manage a high-performing security team while fostering a culture of technical excellence and proactive defense.
* **Integrate Security into Development**\
Partner with engineering teams to embed security into CI/CD pipelines and the entire software development lifecycle, making security a core part of how we build.
* **Manage External Security Partnerships**\
Oversee relationships with penetration testing firms, compliance auditors, and security vendors to strengthen our defenses and maintain trust.
* **Support Customer and Partner Trust**\
Work closely with customer-facing teams to clearly communicate StackAI’s security posture, compliance commitments, and incident response readiness.
* **Harden Third-Party Dependencies**\
Evaluate and continually improve the security of external tools, APIs, and integrations critical to our platform.
* **Lead Incident Response**\
Own the security incident response process, coordinating resolution efforts across teams and implementing long-term preventive measures.
* **Ensure Compliance and Audit Readiness**\
Collaborate with operations and legal teams to prepare for audits (e.g., SOC 2, ISO 27001) and uphold top-tier standards for regulatory and vendor security.
## Qualifications
* **Proven Security Expertise**\
4+ years of hands-on experience in security engineering with success across both infrastructure and application layers.
* **Leadership in High-Growth Environments**\
Prior leadership experience in scaling tech companies or startups, ideally in roles that bridged strategy and execution.
* **Clear and Confident Communication**\
Ability to translate complex security concepts into clear language for both technical and non-technical audiences.
* **Strong Risk and Threat Management Skills**\
Deep background in risk assessment, threat modeling, and vulnerability management.
* **Cloud and Infrastructure Mastery**\
Practical experience with GCP, Azure, or AWS, combined with a strong understanding of infrastructure and API-level security.
* **Secure Development Knowledge**\
Familiarity with secure coding practices, especially in JavaScript/TypeScript, Go, and Node.js.
* **DevSecOps and Automation**\
Experience with modern security tooling and automating testing across build and deployment pipelines.
At StackAI, security is at the heart of empowering companies to build AI assistants quickly and securely. We’re looking for a hands-on security engineer to design and drive our security strategy across infrastructure, applications, and processes. You’ll build and lead a world-class security team, embed security into our development lifecycle, and ensure we meet the highest standards of compliance and customer trust. If you thrive in high-growth environments and want to shape the future of AI security, we’d love to meet you.
## Responsibilities
* **Design and Implement Security Frameworks**\
Drive the creation and execution of security measures across both infrastructure and application layers (Render.com, Vercel, GCP, Azure, Kubernetes), ensuring StackAI remains secure as we scale rapidly.
* **Shape the Security Vision**\
Define and roll out a comprehensive security strategy, embedding best practices across engineering and product teams to safeguard data and systems.
* **Build and Lead the Security Organization**\
Recruit, mentor, and manage a high-performing security team while fostering a culture of technical excellence and proactive defense.
* **Integrate Security into Development**\
Partner with engineering teams to embed security into CI/CD pipelines and the entire software development lifecycle, making security a core part of how we build.
* **Manage External Security Partnerships**\
Oversee relationships with penetration testing firms, compliance auditors, and security vendors to strengthen our defenses and maintain trust.
* **Support Customer and Partner Trust**\
Work closely with customer-facing teams to clearly communicate StackAI’s security posture, compliance commitments, and incident response readiness.
* **Harden Third-Party Dependencies**\
Evaluate and continually improve the security of external tools, APIs, and integrations critical to our platform.
* **Lead Incident Response**\
Own the security incident response process, coordinating resolution efforts across teams and implementing long-term preventive measures.
* **Ensure Compliance and Audit Readiness**\
Collaborate with operations and legal teams to prepare for audits (e.g., SOC 2, ISO 27001) and uphold top-tier standards for regulatory and vendor security.
## Qualifications
* **Proven Security Expertise**\
4+ years of hands-on experience in security engineering with success across both infrastructure and application layers.
* **Leadership in High-Growth Environments**\
Prior leadership experience in scaling tech companies or startups, ideally in roles that bridged strategy and execution.
* **Clear and Confident Communication**\
Ability to translate complex security concepts into clear language for both technical and non-technical audiences.
* **Strong Risk and Threat Management Skills**\
Deep background in risk assessment, threat modeling, and vulnerability management.
* **Cloud and Infrastructure Mastery**\
Practical experience with GCP, Azure, or AWS, combined with a strong understanding of infrastructure and API-level security.
* **Secure Development Knowledge**\
Familiarity with secure coding practices, especially in JavaScript/TypeScript, Go, and Node.js.
* **DevSecOps and Automation**\
Experience with modern security tooling and automating testing across build and deployment pipelines.
Similar roles
Staff Security EngineerPivotal Health · Los Angeles, California, United States · Hybrid- Security EngineerLawrence Harvey · Toronto, Ontario, Canada · Hybrid
- Security EngineerARQ · New York, New York, United States · Remote
Security EngineerAP Professionals · United States · Remote- Senior Security EngineerSystems Integration Solutions · Cupertino, California, United States · Onsite
