Security Engineer, Product Security

Aircall is a unicorn, AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, resolve issues faster, and scale customer-facing teams. Were redefining customer communications by bringing voice, SMS, WhatsApp, and AI together into one seamless workspace.Our momentum comes from a simple idea: help teams work smarter, not harder. Aircalls AI Voice Agent automates routine calls, AI Assist streamlines post-call work, and AI Assist Pro delivers real-time guidance so people can do their best work. The result is higher revenue, faster resolutions, and teams that scale with confidence.Aircall is headquartered in Paris, our European HQ, with a strong North American presence anchored in Seattle, our North American HQ, and teams across Madrid, London, Berlin, San Francisco, New York City, Sydney, and Mexico City. Weve built a product customers love and a business thats scaling quickly, backed by world-class investors and driven by rapid AI innovation across multiple product lines.At Aircall, youll join a company in motion. Were ambitious, product-driven, and execution-focused, with visible impact, fast decisions, and real growth.How we work at Aircall: Were customer-obsessed, data-driven, and focused on delivering meaningful outcomes. We value ownership, continuous learning, and thoughtful speed. If you thrive in a collaborative, fast-moving environment where trust and impact matter, youll feel at home here.As a Security Engineer, Product Security, you will help Aircall build and ship secure products by working closely with engineering teams and product managers to identify risk early, reduce vulnerabilities, and improve security quality across the software development lifecycle. Youll support secure-by-design practices and help ensure security is integrated into how teams design, build, test, and release software.In this role, youll be hands-on across threat modeling, vulnerability detection and remediation, and security testing. You will partner with engineers to make security practical and actionable helping teams move quickly while raising the security bar.

Responsibilities:

• Partner with engineering teams to review designs and implementation plans, identifying security risks early and recommending mitigations.
• Perform threat modeling for new features and major changes, helping teams document risks, assumptions, and security controls.
• Identify and help remediate common vulnerability classes across services and APIs (, auth/authz, injection, data exposure, logic flaws).
• Triage and support remediation of vulnerabilities identified through SAST/DAST tools, internal testing, or third-party findings.
• Conduct security testing and validation, including targeted manual testing for high-risk areas.
• Help improve secure development practices by creating reusable guidance, checklists, and secure patterns for engineering teams.
• Contribute to security tooling and automation that improves coverage, reduces false positives, and streamlines security reviews.
• Assist with product security incidents by supporting investigation, impact analysis, and follow-up remediation.
• Communicate security risks clearly and pragmatically, helping teams prioritize effectively and ship safely.
• Document learnings and contribute to evolving product security processes and standards.

Should have:

• 25 years of experience in Product Security, Application Security, or software engineering with a strong security focus.
• Strong understanding of web application and API security fundamentals and common vulnerability classes (OWASP Top 10).
• Experience performing security reviews, threat modeling, or secure architecture assessments for software systems.
• Familiarity with security testing tools and practices (SAST/DAST, dependency scanning, fuzzing, manual testing).
• Comfort reading and reviewing production code in at least one language (, Python, Go, Java, JavaScript/TypeScript).
• Exposure to automated or AI-assisted security tools or workflows, and interest in applying them to improve developer experience and security outcomes.
• Ability to work cross-functionally with engineering teams and communicate findings in a constructive, actionable way.
• Proven ability to drive remediation efforts and follow through on risk reduction outcomes.

Bonus / Nice-to-have:

• Experience with cloud-native architectures (AWS/GCP/Azure), microservices, Kubernetes, service-to-service authentication, and secrets management.
• Experience tuning security tools to reduce noise and improve signal (, improving rules, baselines, or pipelines).
• Familiarity with secure SDLC practices and security champions programs.
• Exposure to bug bounty / vulnerability disclosure or working with external researchers.
• Experience improving internal security automation or developer workflows (including using AI-assisted tooling).

$140,000 - $165,000 a yearThis is not including equity and other benefits. The actual salary offered will carefully consider a wide range of factors, including your skills, qualifications, and experience.Why join us? Key moment to join Aircall in terms of growth and opportunities‍️ Our people matter, work-life balance is important at Aircall Fast-learning environment, entrepreneurial and strong team spirit 45+ Nationalities: cosmopolite & multi-cultural mindset Competitive salary package & equity Medical, dental, and vision insurance is 100% covered 401k plan with company matching!️ Unlimited PTO take the time you need to come to work feeling great!️ Wellness, internet, and childcare reimbursements Generous parental leave policyDE&I Statement: At Aircall, we believe diversity, equity and inclusion irrespective of origins, identity, background and orientations are core to our journey. We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. Were working to create a place filled with diverse people who can enrich and learn from one another. Were committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive. We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn.