Staff Security Manager (AI & Product Security)Verified as a real position
- Posted
- Employment type
- Full-time
Who we’re looking for
- Experience & level 7+ years of experience in security engineering (AppSec, Product Security, or broadly as a senior security engineer), ideally in a SaaS / cloud-native company.
- Proven track record operating at Staff/Senior Staff scope: owning broad technical domains, influencing roadmaps, and driving multi-quarter initiatives to completion.
- Hands-on experience securing web applications and APIs in a microservices or service-oriented architecture.
- Security & cloud expertise Strong foundation in application security : secure design, threat modeling, code review, hardening, and vulnerability management.
- Solid experience with cloud infrastructure security (AWS), including IAM, networking, container orchestration (Kubernetes), secrets management (e.g. Vault), and CI/CD security.
- Familiarity with security standards and certifications such as SOC 2, ISO 27001, and ideally exposure to emerging AI governance standards (e.g. ISO/IEC 42001).
- AI & LLM security proficiency Hands-on experience building or securing AI/LLM-powered systems (RAG, agents, or workflow orchestration) and understanding their unique failure modes.
- Comfortable redefining security workflows through AI , not just using AI as a helper – e.g., building AI-assisted runbooks, triage flows, or evidence collection pipelines.
- Able to set AI security architecture at scale : aligning model selection, context management, logging, and guardrails with cost, reliability, and compliance constraints.
- Thinks in multi-year horizons : can outline and drive a realistic AI security strategy, including build-vs-partner decisions, migration paths, and dependency risks.
- Enjoys multiplying others : you grow less senior engineers into AI-aware security leaders, not just doing the work yourself.
- Customer-facing and cross-functional Comfortable joining customer-facing calls (with Security, Legal, Procurement) to explain our AI and security posture in clear, non-defensive language.
- Experience collaborating closely with Product, Legal, and GTM on security and privacy topics, especially where risk and revenue intersect.
- Strong communication skills: you can write concise, structured security documentation and present complex risk trade-offs clearly to executives.
- Mindset Pragmatic and risk-based: you know when to say “no”, when to say “not yet”, and when to design guardrails that unlock faster delivery safely.
- Curious and learning-oriented, especially about AI security, governance, and regulation ; you follow the space and can adapt our posture as it evolves.
- Comfortable working in an environment where AI tools are heavily used internally and part of your role is to keep us safe while preserving velocity.
What you’ll do
- Own product & application security for Spark and core Productboard Lead security reviews and threat modeling for Spark Jobs, Prompts, connectors (MCP), and LLM integrations across our stack.
- Define and harden trust boundaries for multi-tenant AI agents that access customer feedback, product strategy docs, and external tools.
- Partner with Engineering to build secure patterns for AI-powered document generation, retrieval-augmented generation (RAG), and agent workflows (including human-in-the-loop and fallback behaviors).
- Lead AI security architecture and governance Translate our AI Management Policy (AIMS), AI Terms, and internal AI policy into concrete engineering controls and guardrails.
- Design and evolve AI observability, abuse monitoring, and risk controls for Spark (prompt injection, data exfiltration, misuse, cost bombs, and model behavior drift).
- Act as principal security counterpart in our journey toward ISO/IEC 42001 and related AI certifications.
- Drive security testing & Bug Bounty for Spark Own security testing strategy for Spark: from static/dynamic analysis, dependency scanning, and configuration hardening to specialized AI testing where tools exist.
- Coordinate Spark-focused Bug bounty and penetration testing , including defining scope, triaging reports, partnering with Engineering on remediation, and improving signals/coverage based on findings.
- Continuously refine runbooks for AI-related incidents , including hallucination-driven harm, misrouting of data, and cross-tenant exposure scenarios.
- Partner with Legal, Sales, and Customer teams on AI risk Support security reviews for sales involving Spark and AI terms, including responding to AI-specific DDQs, vendor risk assessments, and RFPs.
- Help define and maintain Spark AI terms, AI FAQs, and security overviews that are understandable to non-technical stakeholders.
- Work closely with Legal and Privacy to ensure we can clearly explain our AI subprocessors, data flows, retention, and usage restrictions to customers and regulators.
- Scale security through AI and automation Redefine security workflows using AI: vulnerability triage, log analysis, control testing, policy enforcement, and evidence collection for audits.
- Build and/or select AI agents and internal tools that help Security and Engineering teams detect issues faster and reduce manual toil, while keeping human judgment in control.
- Contribute to security-ready, AI-ready codebase patterns (clear contracts, typed interfaces, structured context) that make secure-by-default development the easiest path.
- Be a multiplier for the Security and Engineering org Mentor other engineers (Security, Infra, and Product Engineering) on secure AI usage and threat modeling, raising the bar on AI literacy and security awareness.
- Document and evangelize security patterns for AI (when to use which workflow, how to keep agents within safe autonomy boundaries, how to safely connect Spark to external systems).
- Represent Security in cross-functional forums (release readiness, risk committees, incident reviews) with a pragmatic, risk-based mindset.
About the position
The opportunity The way software is built is changing, and fast. AI-native product development is redefining how teams discover, design, and ship – and with it, the entire security threat landscape. At Productboard, this transformation to being AI-native is not a side project; it is our entire focus. Spark, our AI-first product management experience, is now at the center of how customers plan, prioritize, and communicate product work. We are looking for a Staff Security Manager (AI & Product Security) to take end-to-end ownership of the security posture of Productboard, with a primary focus on Productboard Spark and AI capabilities. You’ll be stepping into a critical backfill role on a small, high-impact Security team, working at the intersection of application security, AI safety, governance, and customer trust. This role will be based in our Prague or Brno office with an office-centric hybrid schedule.
Benefits
- 💰 Stock options
- 💻 MacBook + 34″ monitor
- 📚 Budget for online courses, books, and conferences
- 🏝️ 5 weeks of vacation + 9 sick days
- 🫶 Volunteer Days for you to help causes close to your heart
- 🥕 Carrot Fertility Benefits
- 🥗 Free snacks, drinks, and yummy catered lunches
- 🏋️♂️ MultiSport card to access sports facilities
- ⏰ Flexible working hours and home office
- 🧑🧑🧒🧒 Parental benefits
- 🗣️ Language lessons
- 🍀 Mental Wellness Program to support your well-being and self-care
