Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. They are seeking a Product Security Engineer to shape the security of their platform, focusing on building frameworks and automated controls that ensure security by design while collaborating with engineering teams.
Responsibilities:
- Develop self-service security frameworks and "paved roads" that allow engineering teams to ship secure code by default
- Focus on automated guardrails for common vulnerabilities, while prioritizing deep-dive design reviews into complex business logic and data isolation issues (for example, multi-tenant isolation and authorization/permission bypasses) that automated tools cannot catch
- Partner with product and engineering teams to review designs early, contribute to threat modeling for new features and complex initiatives, and provide clear, actionable security guidance
- Research emerging threats and evolving best practices, specifically regarding AI and LLM safety, and implement controls to secure these workflows
- Manage and evolve our approach to external penetration testing and bug bounties, driving remediation for findings and treating vulnerability management as an engineering problem
- Contribute to the long-term roadmaps, metrics, and strategic planning for the security team
- Lead complex threat modeling sessions for major product launches, define secure coding standards, and actively mentor other engineers to raise the technical security bar across the organization
Requirements:
- 4+ years of experience in product security or application security, with experience shipping production code
- A strong background in computer science or a related field, with proficiency in writing clean, maintainable code
- Deep familiarity with JavaScript or TypeScript, Node.js, and modern web application frameworks, and the ability to reason about the security implications of systems built on them
- Hands-on experience securing LLM integrations and identifying prompt injection or data leakage risks
- Proficient in writing and reviewing code, treating security as an engineering problem to be solved with software, not just policies
- Excel at communicating complex security risks to non-security stakeholders and enjoy collaborating cross-functionally to find solutions that balance security with engineering velocity
- Comfortable working in a fast-paced environment, navigating ambiguity, continuously learning about emerging threats and technologies, and contributing to long-term security strategy