Founding Product Security Engineer

ABOUT ARENA INTELLIGENCE Arena Intelligence is the open platform for evaluating how AI models perform in the real world. Created by researchers from UC Berkeley’s SkyLab, our mission is to measure and advance the frontier of AI for real-world use. Millions of people use Arena Intelligence each month to explore how frontier systems perform — and we use our community’s feedback to build transparent, rigorous, and human-centered model evaluations. Leading enterprises and AI labs rely on our evaluations to understand real-world reliability, alignment, and impact. Our leaderboards are the gold standard for AI performance — trusted by leaders across the AI community and shaping the global conversation on model reliability and progress. We’re a team of researchers, engineers, academics, and builders from places like UC Berkeley, Google, Stanford, DeepMind, and Discord. We seek truth, move fast, and value craftsmanship, curiosity, and impact over hierarchy. We’re building a company where thoughtful, curious people from all backgrounds can do their best work. Everyone on our team is a deep expert in their field — our office radiates excellence, energy, and focus. ABOUT THE ROLE Arena Intelligence is seeking a Founding Product Security Engineer to lead the strategy, design, and hands-on implementation of the systems that protect Arena from attackers and keep our platform trustworthy as we scale. You'll work across product, infrastructure, and data pipelines to proactively identify risks, embed security into core features, and build the platform primitives — identity, session, behavioral signals, secure APIs, model-inference-path controls — that every other team at Arena builds on top of. This is a builder role. You will not only set technical direction but also write the code, build the tools, and design the frameworks that make security part of our product's DNA. Your work will directly influence how the world's top AI labs, developers, and millions of users experience Arena, ensuring we remain resilient against real-world attacks and evolving threats. YOU’LL - Own the product security vision for Arena, ensuring security and trust are core to every stage of our product lifecycle - Design and implement the identity, authentication, authorization, and account-lifecycle systems that protect Arena against credential stuffing, account takeover, and API-key compromise - Secure the model inference path end-to-end — provider credential handling, API gateway, rate limiting, quota enforcement, and protections against secret and prompt exfiltration - Lead threat modeling and security architecture reviews for new and existing product features - Collaborate with infrastructure and product engineering to design secure APIs, data flows, and identity systems that scale - Improve developer velocity by creating secure-by-default frameworks, libraries, and tooling for internal teams - Apply adversarial thinking to continuously test and evolve platform defenses - Partner with incident response to quickly assess, contain, and remediate security events, and lead deep postmortems to improve defenses - Stay ahead of the curve by monitoring emerging attack techniques and applying cutting-edge security research to our platform - Mentor engineers across the company on secure coding practices, architecture trade-offs, and operational security YOU’LL HAVE - 6+ years of experience in software engineering or security engineering, including staff-level scope in securing large-scale, user-facing platforms - Strong experience with threat modeling, secure architecture design, and risk assessment - Hands-on experience building security features into production systems at scale (millions of DAU / billions of requests) - Deep knowledge of authentication, authorization, and identity systems, including session management and credential-abuse resistance - Strong knowledge of distributed systems security, API security, and secure data-pipeline design - Proficiency in backend development (Node.js, TypeScript, Python, or Go) and willingness to work across the stack when needed - Excellent communication skills, able to build alignment across engineering, product, and leadership teams BONUS POINTS - Experience securing AI/ML inference paths, API gateways, or high-volume public APIs - Experience building behavioral-signal or fingerprinting platforms used by trust & safety or abuse teams - Contributions to open-source security tools or research - Background in securing real-time, interactive platforms at scale - Experience leading security incident response end-to-end, including blameless postmortems at a company with meaningful external exposure WHAT WE OFFER - We offer competitive compensation and equity aligned to the markets where our team members are based. The base salary range will depend on the candidate’s permanent work location. - Comprehensive health and wellness