Security Engineer- Product Security

Requirements

• You have 3+ years of hands-on experience in security engineering or a related technical field.
• You are comfortable writing code to integrate security tools and automate workflows using modern software development practices.
• You have expertise in one or more domains such as backend development, AI/ML systems, distributed computing, CI/CD platforms, cloud infrastructure, or developer platforms.
• You have a strong foundation in security concepts including cryptography, threat modeling, secure design, and software security.
• You are comfortable working with diverse stakeholders and communicating security concepts to both technical and non-technical audiences.
• You have experience working in agile environments and can adapt quickly to changing priorities and evolving challenges.
• You can read and write code in one or more languages such as Java, Python, Scala, C++, or TypeScript.

What You'll Be Doing

• Champion and contribute to the development and implementation of security best practices, standards, and automated tooling for secure development and deployment across Spotify’s infrastructure and platforms, including AI-driven development.
• Partner closely with teams across the company to integrate security throughout the software development lifecycle, from ideation and design through deployment and monitoring.
• Consult, educate, and advocate for practical security approaches with groups of varying sizes, disciplines, and experience levels.
• Drive cross-disciplinary initiatives that improve the security of Spotify’s engineering ecosystem and the products we build.
• Conduct threat modeling, security reviews, and risk assessments across Spotify’s diverse range of generative AI and non-AI systems and platforms.
• Evaluate, prototype, and integrate security solutions and tools that improve security outcomes and developer experience at scale.
• Stay current with the rapidly evolving landscape of AI security threats, academic research, vulnerabilities, and mitigation strategies relevant to Spotify’s scale and domain.
• Contribute to security incident response activities involving Spotify platforms and systems, helping strengthen our detection, response, and remediation capabilities.

Nice to Haves

• You have experience applying generative AI tools to security and software engineering challenges.
• You have a strong understanding of common security risks, attack vectors, and vulnerabilities relevant to AI and machine learning systems, and how to mitigate them.
• You have experience integrating security tooling into large-scale production environments.
• You are familiar with modern agentic AI frameworks and emerging AI development patterns.
• You care about building secure systems while enabling engineers to move quickly and confidently.

Perks and Benefits

• This role is based in London, United Kingdom OR Stockholm, Sweden.
• We offer you the flexibility to work where you work best! There will be some in person meetings, but still allows for flexibility to work from home.