Forge the Future of AI Security as our Lead Security Engineer!
At StackAI, we're not just building AI assistants quickly; we're building them *securely*. Security isn't an afterthought—it's the bedrock of our innovation and customer trust. We're seeking a visionary and hands-on Lead Security Engineer to architect, implement, and champion our entire security strategy.
This is a pivotal opportunity to drive security across our infrastructure, applications, and processes from the ground up. You'll not only shape our security vision but also build and lead a world-class team, embed robust security into our development lifecycle, and ensure we exceed the highest standards of compliance and customer confidence. If you're passionate about securing cutting-edge AI in a dynamic, high-growth environment, and ready to make a significant impact, StackAI is your next challenge.
What You'll Drive & Build: Architect & Implement Robust Security: Lead the design, implementation, and continuous improvement of security measures across our entire stack, from infrastructure (Render.com, Vercel, GCP, Azure, Kubernetes) to application layers, ensuring our platform remains impenetrable as we scale at an exhilarating pace. What You'll Bring to StackAI: Deep Security Engineering Expertise: 4+ years of hands-on, impactful experience in security engineering, successfully securing both infrastructure and application layers in production environments.
Shape the Security Vision: Define, evangelize, and execute a comprehensive security strategy, embedding best practices throughout our engineering and product teams to proactively safeguard sensitive data and critical systems.
Cultivate a World-Class Security Team: Recruit, mentor, and lead a high-performing security organization, fostering a culture of technical excellence, continuous learning, and proactive defense.
Integrate Security into Our DNA (DevSecOps): Partner closely with engineering teams to embed security directly into our CI/CD pipelines and the entire Software Development Lifecycle (SDLC), making security an inseparable core of how we build and innovate.
Fortify External Partnerships: Manage and optimize relationships with penetration testing firms, compliance auditors, and key security vendors to continuously strengthen our defenses and maintain trust.
Champion Customer & Partner Trust: Collaborate with customer-facing teams to transparently communicate StackAI’s robust security posture, compliance commitments, and incident response readiness, reinforcing confidence with our stakeholders.
Harden Third-Party Dependencies: Conduct rigorous evaluations and implement ongoing improvements to the security of all external tools, APIs, and integrations vital to our platform's operation.
Lead Incident Response & Resilience: Own the end-to-end security incident response process, coordinating swift resolution efforts across teams and architecting long-term preventive measures.
Ensure Peak Compliance & Audit Readiness: Partner with operations and legal teams to prepare for and excel in critical audits (e.g., SOC 2, ISO 27001), upholding top-tier standards for regulatory adherence and vendor security.
Leadership & Scaling Acumen: Proven leadership experience in high-growth tech companies or startups, with a track record of bridging strategic vision and tactical execution in security.
Exceptional Communication: The ability to articulate complex security concepts with clarity and confidence to diverse audiences, from highly technical engineers to executive leadership and non-technical stakeholders.
Mastery of Risk & Threat Management: A strong background in advanced risk assessment, threat modeling, vulnerability management, and proactive mitigation strategies.
Cloud & Infrastructure Security Mastery: Extensive practical experience securing major cloud platforms (GCP, Azure, or AWS) and a deep understanding of infrastructure-as-code and API-level security best practices.
Secure Development Advocate: Strong familiarity with secure coding practices, particularly within modern web technologies (JavaScript/TypeScript, Go, Node.js).
DevSecOps & Automation Champion: Hands-on experience with modern security tooling, automating security testing, and integrating security seamlessly across build and deployment pipelines.