Principal Security Engineer (AI)

TL;DR

Principal Security Engineer (AI): Driving and scaling product security strategy across the product lifecycle, from design to deployment, with an accent on integrating security into design, development, CI/CD, and release workflows. Focus on influencing architecture, setting technical direction, and building scalable security tooling and automation, including AI-assisted systems.

Location: Hybrid. Must be based in **Seattle** or **San Francisco**, United States.

Salary: $215,000–$265,000

Company

hirify.global is a unicorn AI-powered customer communications platform used by 22,000+ companies worldwide, combining voice, SMS, WhatsApp, and AI into one seamless workspace.

What you will do

• Drive secure-by-design practices across product and engineering teams, integrating security into all stages of the product lifecycle.
• Lead security design and architecture reviews for major product initiatives, defining consistent security requirements and patterns.
• Own and evolve threat modeling practices to systematically identify risks and validate mitigations.
• Perform deep technical assessments (manual code review, targeted security testing) for high-impact findings and critical services.
• Build and improve security tooling and automation that scales across engineering, leveraging AI for autonomous security-review processes.
• Triage and drive remediation of vulnerabilities and investigate/respond to product security incidents.

Requirements

• **8+ years of relevant experience** in Product Security, Application Security, or Secure Software Engineering.
• Proven track record of leading product security work and influencing architecture and SDLC maturity at scale.
• Strong foundation in secure design, threat modeling, vulnerability discovery, and remediation strategies.
• Proficient with one or more of **Python, Java, or JavaScript** and ability to read code to identify security defects.
• Knowledge of common vulnerability classes and modern application risks (OWASP Top 10, API security, cloud-native risk).
• Familiarity with cloud-native infrastructure security (**AWS/GCP/Azure + Kubernetes**) and service-to-service security patterns.

Nice to have

• Experience building proof-of-concepts/exploits or doing deep-dive vulnerability research.
• Experience applying AI/LLM techniques to improve internal security tooling or automate security workflows.
• Experience with bug bounty or vulnerability disclosure programs and working with external security researchers.
• Security certifications (OSCP, GWEB, CISSP) or demonstrated equivalent expertise.

Culture & Benefits

• Fast-learning environment with an entrepreneurial and strong team spirit, and a cosmopolite & multi-cultural mindset (45+ Nationalities).
• Competitive salary package & equity.
• **Medical, dental, and vision insurance is 100% covered.**
• **401k plan with company matching.**
• Unlimited PTO, wellness, internet, and childcare reimbursements.
• Generous parental leave policy.