Product Security Engineer

Mission:
Join our Security Engineering team as a Product Security Engineer and partner with all
Product and R&D engineering teams to enable rapid innovation while protecting highly regulated data. This role combines security architecture, privacy engineering, and regulatory compliance expertise, with particular emphasis on AI/ML systems, to design secure products across our AI-powered decision intelligence platform.

Who are we?
Founded in 2020 in Munich, we are a rapidly expanding scale-up in the B2B SaaS area. We’ve already assembled a super innovative, smart, and fun team of 320+ highly motivated employees around our offices in Munich, Barcelona, Madrid, Cluj, and New York. At Aily Labs, we have the bold mission to democratize AI. Our groundbreaking product is an AI-powered mobile app that uses cutting-edge GenAI and traditional ML to unlock valuable business insights and give personalized recommendations. Our aim? Disrupting the way corporate entities operate, paving the way for the world’s first AI decision intelligence platform that enables faster, simpler, and smarter decision-making across the entire value chain, aiming towards full Agentic automation of key business goals.

Role
As a Product Security Engineer, you will be embedded in the Product/R&D organization,
ensuring security is built into products from the start. Unlike traditional Product Security roles focused on SAST/DAST, this position emphasizes security architecture for AI/Data systems, privacy engineering, and regulatory compliance for products handling highly regulated data.

We are looking for candidates with strong capabilities in at least 2 of the areas below:

AI/ML Security & Privacy Engineering:
• Design security architectures for AI/ML systems handling regulated data and implement AI governance frameworks (NIST AI RMF, ISO 42001)
• Implement privacy-by-design, including data minimization, anonymization, and conduct privacy impact assessments (DPIAs)
• Ensure GDPR/CCPA/EU AI Act compliance and translate regulatory requirements into technical controls
• Design secure ML pipelines and model deployment architectures, protecting sensitive data throughout the AI lifecycle

Product Security Architecture & Integration Security:
• Conduct security architecture reviews and threat models for product features across all engineering teams
• Design authentication/authorization architectures, including SSO integrations and identity federation patterns
• Review third-party integrations for security risks and establish data classification/access
control frameworks
• Define RBAC/ABAC models and secure webhook/event-driven architectures Aily Labs.

Data Security & Infrastructure Architecture:
• Design secure data architectures, pipelines, and encryption strategies (at-rest, in-transit, inuse) for regulated data
• Define infrastructure security constraints and secure deployment patterns for containerized/cloud native workloads
• Ensure multi-regulatory compliance (GDPR, CCPA, EU AI Act, HIPAA, SOX, PCI-DSS) across product features

Application Security & Secure Development:
• Conduct security code reviews, manage vulnerability remediation, and integrate SAST/DAST into CI/CD pipelines
• Provide security training to engineering teams with specialized content for AI/ML and Data teams
• Collaborate with GRC on audit readiness and continuously improve security tooling and
practices

Your profile:
Experience: 3-6 years in Product Security, Application Security, Privacy Engineering, or related roles, OR equivalent demonstrated skills in security architecture and privacy engineering.
If you have strong security architecture and privacy engineering skills but less traditional
experience, we encourage you to apply. We value your ability to design secure systems and think holistically about privacy and compliance over the years in your role.

Skills:
• Strong systems thinking and ability to articulate complex technical concepts to engineering teams across different domains
• Privacy engineering - Deep knowledge of privacy-by-design and data protection regulations (GDPR, CCPA)
• Security architecture - Experience designing secure data architectures, pipelines, and
AI/ML systems for regulated data
• Threat modeling - Experience with threat modeling methodologies for complex, data-intensive systems
• Identity & access management - Strong understanding of authentication, authorization,
SSO, OAuth/OIDC
• Regulatory compliance - Understanding of GDPR, CCPA, EU AI Act; healthcare (HIPAA) or financial services experience is a plus

Working Style:
• Strong communicator: You excel at aligning people on complex security and privacy topics, translating technical requirements into practical guidance
• Enabler mindset: You’re not a gatekeeper, you enable engineering teams to move fast
while meeting security and privacy requirements
• Cross-functional collaboration: You work effectively across AI/ML, Data, Platform, Back-
end/Frontend teams, Security organization, and Legal/Compliance
AI-First Mindset: You’ll leverage AI tools daily to maximize your efficiency and impact.

Ownership: You’ll own your domain end-to-end. Your scope of ownership will be smaller
or larger depending on your level, but you’re expected to own it completely—from design to delivery to maintenance. If you prefer to be told what to do, this isn’t the right environment for you.

Nice to Have
• Advanced privacy techniques (differential privacy, federated learning, confidential computing)
• AI security specialization (AI red teaming, adversarial ML, secure ML pipelines, NIST AI RMF, ISO 42001)
• Multi-jurisdiction compliance expertise (HIPAA, SOX, PCI-DSS)
• SAST/DAST tools experience (Snyk, Checkmarx, Veracode) and secure coding practices (OWASP Top 10)
• Cloud-native security (Kubernetes, containers, serverless) and CI/CD security automation
• Security/privacy certifications (CISSP, OSCP, CIPP, CIPM, cloud security certifications)

What sets us apart?:
• Work on cutting-edge AI/ML security challenges at the intersection of artificial intelligence, data protection, and privacy engineering in a company building AI-powered products.
• Work in an AI-first company where using AI to solve problems is expected and encouraged, not discouraged
• Shape security and privacy strategy across the entire product stack with broad technical
scope spanning AI/Data systems, integrations, identity, infrastructure, and applications
• Enjoy the flexibility of remote work, continuous growth, and dedicated training resources to support your professional development