aircall - Security Engineer - Product Security

• 2–5 years of experience in Product Security, Application Security, or software engineering with a strong security focus. • Strong understanding of web application and API security fundamentals and common vulnerability classes (OWASP Top 10). • Experience performing security reviews, threat modelling, or secure architecture assessments for software systems. • Familiarity with security testing tools and practices (SAST/DAST, dependency scanning, fuzzing, manual testing). • Comfort reading and reviewing production code in at least one language (e.g., Python, Go, Java, JavaScript/TypeScript). • Exposure to automated or AI-assisted security tools or workflows, and interest in applying them to improve developer experience and security outcomes. • Ability to work cross-functionally with engineering teams and communicate findings in a constructive, actionable way. • Proven ability to drive remediation efforts and follow through on risk reduction outcomes. • ## Nice-to-have: • Experience with cloud-native architectures (AWS/GCP/Azure), microservices, Kubernetes, service-to-service authentication, and secrets management. • Experience tuning security tools to reduce noise and improve signal (e.g., improving rules, baselines, or pipelines). • Familiarity with secure SDLC practices and security champions programs. • Exposure to bug bounty/vulnerability disclosure or working with external researchers. • Experience improving internal security automation or developer workflows (including using AI-assisted tooling).