Staff Security Manager (AI & Product Security)

Productboard

Software Engineering, Product, Data Science

Brno, Czechia

Posted on Apr 30, 2026

The opportunity

The way software is built is changing, and fast. AI-native product development is redefining how teams discover, design, and ship – and with it, the entire security threat landscape.
At Productboard, this transformation to being AI-native is not a side project; it is our entire focus. Spark, our AI-first product management experience, is now at the center of how customers plan, prioritize, and communicate product work.
We are looking for a Staff Security Manager (AI & Product Security) to take end-to-end ownership of the security posture of Productboard, with a primary focus on Productboard Spark and AI capabilities. You’ll be stepping into a critical backfill role on a small, high-impact Security team, working at the intersection of application security, AI safety, governance, and customer trust.
This role will be based in our Prague or Brno office with an office-centric hybrid schedule.

Why this matters for your career

The gap between security engineers who deeply understand AI-driven systems and those who don’t is widening fast.
In this role, you won’t just be “supporting” an AI product. You will:
  • Lead security architecture for LLM-powered workflows, agents, and connectors that touch sensitive product and customer data.
  • Automate security operations tasks using AI agents.
  • Shape how we implement and operate AI governance (including ISO/IEC 42001 alignment, AI Terms, AIMS policy, and internal AI usage policies).
  • Work directly with Engineering, Product, Legal, and Sales on Spark-related security, from design reviews to customer due diligence (DDQs, security questionnaires, AI-specific risk questions).
Skills you build here – AI-aware threat modeling, LLM security architecture, AI governance & assurance, secure agent workflows, and customer-facing AI risk communication – will define senior security leadership for the next decade.

AI is how we build

“AI first” is our operating model across Engineering, Product, and Design – and Security is no exception.
  • Product teams use Spark and other AI tooling across the full lifecycle: discovery, spec writing, implementation, code review, and incident response.
  • Our AI stack relies on leading LLM providers (Anthropic, OpenAI, Amazon Bedrock, and others) with strict data usage and subprocessor controls.
  • We are actively building out our AI Management System (AIMS), AI policies, and controls aligned to ISO/IEC 42001, on top of existing SOC 2 and ISO 27001 programs.
  • Our AI product Spark is already in the hands of customers; we are continuously testing it through bug bounty, open beta, and targeted penetration testing.
Your job is to make sure this AI-first way of working remains secure, compliant, and explainable – without slowing the organization down.

What you will do

In this role, you will be redefining security workflows through AI, setting architecture at scale, and shaping multi-year security strategy.
You will:
  • Own product & application security for Spark and core Productboard
    • Lead security reviews and threat modeling for Spark Jobs, Prompts, connectors (MCP), and LLM integrations across our stack.
    • Define and harden trust boundaries for multi-tenant AI agents that access customer feedback, product strategy docs, and external tools.
    • Partner with Engineering to build secure patterns for AI-powered document generation, retrieval-augmented generation (RAG), and agent workflows (including human-in-the-loop and fallback behaviors).
  • Lead AI security architecture and governance
    • Translate our AI Management Policy (AIMS), AI Terms, and internal AI policy into concrete engineering controls and guardrails.
    • Design and evolve AI observability, abuse monitoring, and risk controls for Spark (prompt injection, data exfiltration, misuse, cost bombs, and model behavior drift).
    • Act as principal security counterpart in our journey toward ISO/IEC 42001 and related AI certifications.
  • Drive security testing & Bug Bounty for Spark
    • Own security testing strategy for Spark: from static/dynamic analysis, dependency scanning, and configuration hardening to specialized AI testing where tools exist.
    • Coordinate Spark-focused Bug Bounty and penetration testing, including defining scope, triaging reports, partnering with Engineering on remediation, and improving signals/coverage based on findings.
    • Continuously refine runbooks for AI-related incidents, including hallucination-driven harm, misrouting of data, and cross-tenant exposure scenarios.
  • Partner with Legal, Sales, and Customer teams on AI risk
    • Support security reviews for sales involving Spark and AI terms, including responding to AI-specific DDQs, vendor risk assessments, and RFPs.
    • Help define and maintain Spark AI terms, AI FAQs, and security overviews that are understandable to non-technical stakeholders.
    • Work closely with Legal and Privacy to ensure we can clearly explain our AI subprocessors, data flows, retention, and usage restrictions to customers and regulators.
  • Scale security through AI and automation
    • Redefine security workflows using AI: vulnerability triage, log analysis, control testing, policy enforcement, and evidence collection for audits.
    • Build and/or select AI agents and internal tools that help Security and Engineering teams detect issues faster and reduce manual toil, while keeping human judgment in control.
    • Contribute to security-ready, AI-ready codebase patterns (clear contracts, typed interfaces, structured context) that make secure-by-default development the easiest path.
  • Be a multiplier for the Security and Engineering org
    • Mentor other engineers (Security, Infra, and Product Engineering) on secure AI usage and threat modeling, raising the bar on AI literacy and security awareness.
    • Document and evangelize security patterns for AI (when to use which workflow, how to keep agents within safe autonomy boundaries, how to safely connect Spark to external systems).
    • Represent Security in cross-functional forums (release readiness, risk committees, incident reviews) with a pragmatic, risk-based mindset.

About you

You might be a great fit if:
  • Experience & level
    • 7+ years of experience in security engineering (AppSec, Product Security, or broadly as a senior security engineer), ideally in a SaaS / cloud-native company.
    • Proven track record operating at Staff/Senior Staff scope: owning broad technical domains, influencing roadmaps, and driving multi-quarter initiatives to completion.
    • Hands-on experience securing web applications and APIs in a microservices or service-oriented architecture.
  • Security & cloud expertise
    • Strong foundation in application security: secure design, threat modeling, code review, hardening, and vulnerability management.
    • Solid experience with cloud infrastructure security (AWS), including IAM, networking, container orchestration (Kubernetes), secrets management (e.g. Vault), and CI/CD security.
    • Familiarity with security standards and certifications such as SOC 2, ISO 27001, and ideally exposure to emerging AI governance standards (e.g. ISO/IEC 42001).
  • AI & LLM security proficiency
    • Hands-on experience building or securing AI/LLM-powered systems (RAG, agents, or workflow orchestration) and understanding their unique failure modes.
    • Comfortable redefining security workflows through AI, not just using AI as a helper – e.g., building AI-assisted runbooks, triage flows, or evidence collection pipelines.
    • Able to set AI security architecture at scale: aligning model selection, context management, logging, and guardrails with cost, reliability, and compliance constraints.
    • Thinks in multi-year horizons: can outline and drive a realistic AI security strategy, including build-vs-partner decisions, migration paths, and dependency risks.
    • Enjoys multiplying others: you grow less senior engineers into AI-aware security leaders rather than just doing the work yourself.
  • Customer-facing and cross-functional
    • Comfortable joining customer-facing calls (with Security, Legal, Procurement) to explain our AI and security posture in clear, non-defensive language.
    • Experience collaborating closely with Product, Legal, and GTM on security and privacy topics, especially where risk and revenue intersect.
    • Strong communication skills: you can write concise, structured security documentation and present complex risk trade-offs clearly to executives.
  • Mindset
    • Pragmatic and risk-based: you know when to say “no”, when to say “not yet”, and when to design guardrails that unlock faster delivery safely.
    • Curious and learning-oriented, especially about AI security, governance, and regulation; you follow the space and can adapt our posture as it evolves.
    • Comfortable working in an environment where AI tools are heavily used internally and part of your role is to keep us safe while preserving velocity.
Nice to have:
  • Prior experience with Bug Bounty programs (e.g., HackerOne) and coordinating penetration tests for AI-heavy products.
  • Experience with data protection and privacy in an AI context (data minimization, regional hosting, subprocessors, DPIAs).
  • Contributions to the security community (conference talks, blog posts, open source, standards working groups).

Our Tech Stack

You’ll partner closely with teams working with the following technologies:
  • Frontend: TypeScript, React, GraphQL
  • Backend: Python, Kotlin, Ruby, Kafka
  • Storage: PostgreSQL, MongoDB, Elastic, Redis
  • Data & AI: Snowflake, Looker, Spark, LLM providers (Anthropic, OpenAI, Amazon Bedrock, others)
  • Infrastructure: AWS, Cloudflare, Kubernetes, Terraform, Vault
  • Business tools: Slack, Jira, Google Workspace, Zoom, Notion, Glean
You don’t need to be an expert in every technology on day one, but you should be comfortable learning enough about each layer to meaningfully assess and influence security risk.

You can look forward to the following benefits

  • 💰 Stock options
  • 💻 MacBook + 34″ monitor
  • 📚 Budget for online courses, books, and conferences
  • 🏝️ 5 weeks of vacation + 9 sick days
  • 🫶 Volunteer Days for you to help causes close to your heart
  • 🥕 Carrot Fertility Benefits
  • 🥗 Free snacks, drinks, and yummy catered lunches
  • 🏋️‍♂️ MultiSport card to access sports facilities
  • ⏰ Flexible working hours and home office
  • 🧑‍🧑‍🧒‍🧒 Parental benefits
  • 🗣️ Language lessons
  • 🍀 Mental Wellness Program to support your well-being and self-care

Relocation Opportunities

If joining us means making a move, we’re here to help make that transition easier.
Candidates must have the legal right to work in the EU. While we are unable to provide visa sponsorship for this role, we’re happy to support relocation to Prague for candidates already authorized to work in the EU.

Relocation Support

We offer a one-time relocation bonus ranging from $6,000 to $13,000 USD, depending on your personal situation, whether you’re moving on your own or with a partner or family.
This bonus is intended to help offset moving expenses and support your transition into your new city. While it may not cover every cost, it provides meaningful financial support as you get settled.
If you’re thinking about relocating and want to explore what this could look like for you, we’d be happy to have that conversation.

About Productboard

At Productboard, we’re on a mission to help product teams build exceptional products with clarity and confidence. As the leading intelligent product management platform, we empower over 6,000 companies, including Salesforce, SAP, Autodesk, and Kroger, to understand what customers need, prioritize what to build next, and align everyone around a shared roadmap.
Headquartered in San Francisco with offices in Prague and Brno, Czechia, we’re backed by some of the world’s most respected investors, including Index Ventures, Kleiner Perkins, Sequoia Capital, Bessemer Venture Partners, Tiger Global, and Dragoneer.
We’re proud to be consistently recognized as one of the best places to work by BuiltIn and Comparably, and to count ourselves among the world’s leading unicorn companies. Well-funded and financially disciplined, we have the stability and runway to build boldly for the long term.
Over the past few years, we’ve rearchitected our platform from the ground up to serve enterprise scale and set the foundation for the next era of product management. Now we’re entering an exciting new phase with Productboard Spark, our AI-first, agentic experience that transforms how product teams work. Spark is a true collaborator that deeply understands your product context, company strategy, and customer needs, helping teams move faster and make smarter, more confident decisions.
Join us as we build the future of product management.

About our culture

Imagine working in a place where everything matters — most importantly, you. At Productboard, values aren’t just something we like to talk about, they’re something we live and breathe. We believe in creating a work environment where:
  • People feel empowered, supported, and included
  • Trust and transparency are built into the way we work
  • Creativity, curiosity, and continuous improvement are encouraged and nurtured every day
Forming our company values was a group effort, with every employee allowed to contribute. From profit-sharing initiatives, like stock options, to open calendars and communication, we don’t waste time on politics or ego. We champion openness by sharing our goals, successes, and failures.
Join colleagues who are passionate about what they do. Team members who are invested in their work environment, and the future of Productboard. Help shape our company, culture, and product!
Check out our LinkedIn Life page, or listen to our People of Productboard podcast for a real feel of what life is like at Productboard.

Equal Opportunity Employer Statement

We are an equal opportunity employer and champion equity. We aim to help people from all backgrounds, cultures, and groups realize their full potential at Productboard. We do not tolerate any discrimination or harassment based on gender identity, race, color, religion, age, sexual orientation, non-disqualifying physical or mental disability, national origin, veteran status, or any other bias covered by appropriate law. All aspects of employment, including hiring, training, promotion, and terminations, are based on merit, competence, performance, and business needs. We are committed to an inclusive hiring process and provide all candidates with equal opportunity to demonstrate their abilities. Togetherness is one of our core values, and our Diversity Council helps to ensure that we uphold the values of authenticity, humanity, and diversity to create an environment where every person matters. We are committed to leading by example to drive societal change.