Mission
Join our Security Engineering team as a Product Security Engineer and partner with all Product and R&D engineering teams to enable rapid innovation while protecting highly regulated data. This role combines security architecture, privacy engineering, and regulatory compliance expertise, with particular emphasis on AI/ML systems, to design secure products across our AI-powered decision intelligence platform.
Who are we?
Founded in 2020 in Munich, we are a rapidly expanding scale-up in the B2B SaaS area. We’ve already assembled a super innovative, smart, and fun team of 320+ highly motivated employees around our offices in Munich, Barcelona, Madrid, Cluj, and New York. At Aily Labs, we have the bold mission to democratize AI. Our groundbreaking product is an AI-powered mobile app that uses cutting-edge GenAI and traditional ML to unlock valuable business insights and give personalized recommendations. Our aim? Disrupting the way corporate entities operate, paving the way for the world’s first AI decision intelligence platform that enables faster, simpler, and smarter decision-making across the entire value chain, aiming towards full Agentic automation of key business goals.
Role
As a Product Security Engineer, you will be embedded in the Product/R&D organization, ensuring security is built into products from the start. Unlike traditional Product Security roles focused on SAST/DAST, this position emphasizes security architecture for AI/Data systems, privacy engineering, and regulatory compliance for products handling highly regulated data.
We are looking for candidates with strong capabilities in at least 2 of the areas below:
AI/ML Security & Privacy Engineering:
• Design security architectures for AI/ML systems handling regulated data and implement AI governance frameworks (NIST AI RMF, ISO 42001)
• Implement privacy-by-design, including data minimization and anonymization, and conduct privacy impact assessments (DPIAs)
• Ensure GDPR/CCPA/EU AI Act compliance and translate regulatory requirements into technical controls
• Design secure ML pipelines and model deployment architectures, protecting sensitive data throughout the AI lifecycle
Product Security Architecture & Integration Security:
• Conduct security architecture reviews and threat models for product features across all engineering teams
• Design authentication/authorization architectures, including SSO integrations and identity federation patterns
• Review third-party integrations for security risks and establish data classification/access control frameworks
• Define RBAC/ABAC models and secure webhook/event-driven architectures
Data Security & Infrastructure Architecture:
• Design secure data architectures, pipelines, and encryption strategies (at-rest, in-transit, in-use) for regulated data
• Define infrastructure security constraints and secure deployment patterns for containerized/cloud-native workloads
• Ensure multi-regulatory compliance (GDPR, CCPA, EU AI Act, HIPAA, SOX, PCI-DSS) across product features
Application Security & Secure Development:
• Conduct security code reviews, manage vulnerability remediation, and integrate SAST/DAST into CI/CD pipelines
• Provide security training to engineering teams with specialized content for AI/ML and Data teams
• Collaborate with GRC on audit readiness and continuously improve security tooling and practices