Security Engineer - Product Security

What You'll Do

• Champion and contribute to the development and implementation of security best practices, standards, and automated tooling for secure development and deployment within Spotify's infrastructure, including AI-driven development.
• Partner closely with teams across the company to integrate security seamlessly into their development lifecycle, from ideation to deployment and monitoring.
• Consult, evangelize, and teach theoretical and practical security to groups of varying sizes, disciplines, and experience levels.
• Drive cross-disciplinary initiatives to improve the security of our engineering ecosystem and the products developed at Spotify.
• Conduct threat modeling, security reviews, and risk assessments for Spotify's diverse range of generative AI and non-AI systems.
• Evaluate, prototype, and integrate specialized security tools for AI/ML systems.
• Stay ahead of the curve on the rapidly evolving landscape of AI security threats, academic research, vulnerabilities, and mitigation strategies relevant to Spotify's scale and domain.
• Contribute to security incident response activities involving AI systems.

Who You Are

• Hands-on technical experience with software security.
• You are comfortable writing code to integrate security tools and automate your work with modern software development practices.
• Security expertise in one or more domains, such as backend, mobile, web, and machine learning.
• Strong foundation in core security domains such as cryptography, cloud security and application security.
• You are comfortable working with diverse stakeholders and explaining security concepts to non-expert audiences.
• You have experience from working in agile environments and easily adapt to change, enjoy challenges and thrive in ambiguity.
• Ability to read and write code in languages such as Java, Python, Scala, C++ and TypeScript.
• Experience with generative AI tools for common software engineering tasks.
• Good understanding of common security risks, attack vectors, and vulnerabilities specific to AI/ML systems and how to mitigate them.
• Demonstrable experience with security research on AI/ML systems and applications.
• Experience integrating security tooling into production systems at scale.
• Familiarity with common agentic AI frameworks.

Where You'll Be

• This role is based in either London or Stockholm
• We offer you the flexibility to work where you work best! There will be some in person meetings, but still allows for flexibility to work from home.