Staff Security Engineer, Product Security

Aircall is a unicorn AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, faster resolutions, and scale. We’re redefining what a customer communications platform can be—by combining voice, SMS, WhatsApp, and AI into one seamless workspace.

Our momentum comes from a simple but powerful idea: help every customer-facing team work smarter, not harder. Aircall’s AI Voice Agent automates routine calls, AI Assist streamlines post-call tasks, and AI Assist Pro delivers real-time guidance that helps people do their best work. The result—companies grow revenue, deliver faster resolutions, and scale service.

We’ve built a product customers love and a business that scales fast. Aircall operates in nine global offices (Paris, New York, San Francisco, Sydney, Madrid, London, Berlin, Seattle, and Mexico City), and is backed by world-class investors. Our teams are shipping AI innovation faster than ever and expanding across new product lines and markets.

At Aircall, you’ll join a company in motion—ambitious, profitable, and product-driven—where impact is visible, decisions are fast, and growth is real.

How We Work at Aircall: At Aircall, we believe in customer obsession, continuous learning, and delivering extraordinary outcomes. We value open collaboration, taking ownership, and making smart, informed decisions with speed and precision. If you thrive in a fast-paced, team-driven environment where curiosity, trust, and impact matter, you'll fit right in

As a Staff Security Engineer, Product Security, you will drive Aircall’s product security strategy and execution by embedding security into the product lifecycle — from design to deployment. You will partner closely with Engineering, Product, and Platform leaders to ensure Aircall’s systems are secure, resilient, and reliable by default, risks are proactively mitigated, and security enables teams to ship quickly and safely without compromising availability or customer trust.

This is a Staff-level role, which means you will operate with broad scope and significant autonomy, owning cross-cutting initiatives that improve product security maturity and system reliability across teams. You will be expected to influence architecture and development practices at scale, set technical direction, create repeatable patterns and guardrails, and mentor engineers across the organization — not only solving security problems, but ensuring solutions are durable, scalable, and operationally sound over time.

• Drive and scale secure-by-design practices across product and engineering teams, integrating security into design, development, CI/CD, and release workflows.
• Lead security design and architecture reviews for major product initiatives; define security requirements, controls, and patterns that teams can adopt consistently.
• Own and evolve threat modeling practices, ensuring risks are systematically identified early and mitigations are validated.
• Perform deep technical assessments (manual code review, targeted security testing, validation of fixes) for high-impact findings and critical services.
• Identify and reduce classes of vulnerabilities across Aircall’s codebases and services (e.g., auth/authz flaws, injection, logic issues, SSRF, API security, cloud misconfigurations).
• Build and improve security tooling and automation that scales across engineering (e.g., guardrails, CI checks, policy-as-code, leveraging AI for autonomous security-review processes  that don’t slow delivery).
• Triage and drive remediation of vulnerabilities discovered through internal testing, automated detection, and external reports (including coordinated disclosure where applicable).
• Investigate and respond to product security incidents, helping with containment, root cause analysis, and prevention. Participate in on-call/threat-response rotations, escalating and coordinating during high-severity events.
• Stay up to date on attacker techniques (MITRE ATT&CK, red team reports, threat intel) and propose new detection patterns or responses accordingly.
• Serve as a trusted advisor to engineering and product leadership, translating security risks into pragmatic, prioritized actions and tradeoffs.
• Own cross-team product security initiatives (e.g., secure SDLC improvements, secure design frameworks, security champions, org-wide security patterns and standards).
• Mentor and up-level engineers across security and product teams through reviews, pairing, coaching, and security education.

• 8+ years of relevant experience in Product Security / Application Security / Secure Software Engineering (or equivalent).
• Proven track record of leading product security work across multiple teams and influencing architecture and SDLC maturity at scale.
• Strong foundation in secure design, threat modeling, vulnerability discovery, and remediation strategies.
• Proficient with one or more of Programming languages ( Python/Java/JavaScript) and ability to read code to identify security defects.
• Knowledge of common vulnerability classes and modern application risks (OWASP Top 10, API security, identity/auth patterns, cloud-native risk).
• Experience designing or contributing to scalable, automated security review or decision-support workflows, including the use of AI-assisted systems to improve consistency, speed, or coverage.
• Familiarity with cloud-native infrastructure security (AWS/GCP/Azure + Kubernetes) and service-to-service security patterns
• High degree of autonomy, initiative, and ownership; ability to drive entire initiatives with minimal oversight.
• Strong communication skills and ability to drive alignment across engineering/product partners.

• Experience building proof-of-concepts/exploits or doing deep-dive vulnerability research.
• Experience applying AI/LLM techniques to improve internal security tooling, automate security workflows, or enhance security signal quality (e.g., structured reviews, correlation, prioritization, or validation).
• Experience with bug bounty / vulnerability disclosure programs and working with external security researchers.
• Security certifications (OSCP, GWEB, CISSP) or demonstrated equivalent expertise.
• Contributions to open-source security tools, libraries, or security research.

Why join us?

🚀 Key moment to join Aircall in terms of growth and opportunities

💆‍♀️ Our people matter, work-life balance is important at Aircall

📚 Fast-learning environment, entrepreneurial and strong team spirit

🌍 45+ Nationalities: cosmopolite & multi-cultural mindset

💵 Competitive salary package & equity

🏨 Medical, dental, and vision insurance is 100% covered

📈 401k plan with company matching!

✈️ Unlimited PTO — take the time you need to come to work feeling great!

⭐️ Wellness, internet, and childcare reimbursements

💚 Generous parental leave policy

DE&I Statement: 

At Aircall, we believe diversity, equity and inclusion – irrespective of origins, identity, background and orientations – are core to our journey. 

We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We’re working to create a place filled with diverse people who can enrich and learn from one another. We’re committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive.  

We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn.

Want to know more about candidate privacy? Find our Candidate Privacy Notice here.