Security Engineer - Product Security

at Spotify · Consumer · London, United Kingdom +1 · Platform

Security Engineer focused on protecting Spotify's platform and users, with a specific emphasis on securing AI/ML systems and generative AI applications. The role involves integrating security best practices, conducting threat modeling, evaluating security tools for AI/ML, and contributing to incident response for AI systems.

What you'd actually do

  1. Conduct threat modeling, security reviews, and risk assessments for Spotify's diverse range of generative AI and non-AI systems.
  2. Evaluate, prototype, and integrate specialized security tools for AI/ML systems.
  3. Stay ahead of the curve on the rapidly evolving landscape of AI security threats, academic research, vulnerabilities, and mitigation strategies relevant to Spotify's scale and domain.
  4. Contribute to security incident response activities involving AI systems.
  5. Champion and contribute to the development and implementation of security best practices, standards, and automated tooling for secure development and deployment within Spotify's infrastructure, including AI-driven development.

Skills

Required

  • Hands-on technical experience with software security.
  • Comfortable writing code to integrate security tools and automate your work with modern software development practices.
  • Security expertise in one or more domains, such as backend, mobile, web, and machine learning.
  • Strong foundation in core security domains such as cryptography, cloud security and application security.
  • Comfortable working with diverse stakeholders and explaining security concepts to non-expert audiences.
  • Ability to read and write code in languages such as Java, Python, Scala, C++ and TypeScript.
  • Good understanding of common security risks, attack vectors, and vulnerabilities specific to AI/ML systems and how to mitigate them.
  • Demonstrable experience with security research on AI/ML systems and applications.
  • Experience integrating security tooling into production systems at scale.
  • Familiarity with common agentic AI frameworks.

Nice to have

  • Experience working in agile environments; you adapt easily to change, enjoy challenges and thrive in ambiguity.
  • Experience with generative AI tools for common software engineering tasks.

What the JD emphasized

  • security of our engineering ecosystem
  • security of Spotify's platform
  • security of our 700+ million users
  • security best practices
  • automated tooling for secure development
  • integrate security seamlessly
  • Drive cross-disciplinary initiatives to improve the security
  • security reviews
  • risk assessments
  • generative AI
  • AI/ML systems
  • AI security threats
  • academic research
  • vulnerabilities
  • mitigation strategies
  • security incident response
  • software security
  • integrate security tools
  • automate your work
  • machine learning
  • core security domains
  • security concepts
  • security risks
  • attack vectors
  • vulnerabilities specific to AI/ML systems
  • security research on AI/ML systems
  • integrating security tooling into production systems at scale
  • agentic AI frameworks

Other signals

  • AI security threats
  • AI/ML systems
  • generative AI

Full job description

Security engineers at Spotify protect the security of Spotify’s platform and of our 700+ million users. We are looking for an experienced engineer to join us in securing the most important engineering initiatives at Spotify.

You will be working in the product security engineering and consulting team. We’re a distributed team supporting autonomous development teams with application security expertise and best-in-class tooling. We aim to constantly improve the security posture for our fast-paced, rapidly-changing environment in a manner that will keep up with our scale. We’re experts in many domains of security, willing to teach and learn from anyone at the company.

You are a seasoned security, systems or software engineer with a passion for software security. Above all you have an insatiable appetite for learning new things and honing your existing skill set. In this role you are expected to represent security in various engineering and business contexts so we expect you to be comfortable communicating with diverse audiences both verbally and in writing.

What You'll Do

  • Champion and contribute to the development and implementation of security best practices, standards, and automated tooling for secure development and deployment within Spotify's infrastructure, including AI-driven development.
  • Partner closely with teams across the company to integrate security seamlessly into their development lifecycle, from ideation to deployment and monitoring.
  • Consult, evangelize, and teach theoretical and practical security to groups of varying sizes, disciplines, and experience levels.
  • Drive cross-disciplinary initiatives to improve the security of our engineering ecosystem and the products developed at Spotify.
  • Conduct threat modeling, security reviews, and risk assessments for Spotify's diverse range of generative AI and non-AI systems.
  • Evaluate, prototype, and integrate specialized security tools for AI/ML systems.
  • Stay ahead of the curve on the rapidly evolving landscape of AI security threats, academic research, vulnerabilities, and mitigation strategies relevant to Spotify's scale and domain.
  • Contribute to security incident response activities involving AI systems.

Who You Are

  • Hands-on technical experience with software security.
  • You are comfortable writing code to integrate security tools and automate your work with modern software development practices.
  • Security expertise in one or more domains, such as backend, mobile, web, and machine learning.
  • Strong foundation in core security domains such as cryptography, cloud security and application security.
  • You are comfortable working with diverse stakeholders and explaining security concepts to non-expert audiences.
  • You have experience working in agile environments, adapt easily to change, enjoy challenges and thrive in ambiguity.
  • Ability to read and write code in languages such as Java, Python, Scala, C++ and TypeScript.
  • Experience with generative AI tools for common software engineering tasks.
  • Good understanding of common security risks, attack vectors, and vulnerabilities specific to AI/ML systems and how to mitigate them.
  • Demonstrable experience with security research on AI/ML systems and applications.
  • Experience integrating security tooling into production systems at scale.
  • Familiarity with common agentic AI frameworks.

Where You'll Be

  • This role is based in either London or Stockholm.
  • We offer you the flexibility to work where you work best! There will be some in-person meetings, but the role still allows for flexibility to work from home.

Spotify is an equal opportunity employer. You are welcome at Spotify for who you are, no matter where you come from, what you look like, or what’s playing in your headphones. Our platform is for everyone, and so is our workplace. The more voices we have represented and amplified in our business, the more we will all thrive, contribute, and be forward-thinking! So bring us your personal experience, your perspectives, and your background. It’s in our differences that we will find the power to keep revolutionizing the way the world listens.

At Spotify, we are passionate about inclusivity and making sure our entire recruitment process is accessible to everyone. We have ways to request reasonable accommodations during the interview process and to assist with what you need. If you need accommodations at any stage of the application or interview process, please let us know - we’re here to support you in any way we can.

Spotify transformed music listening forever when we launched in 2008. Our mission is to unlock the potential of human creativity by giving a million creative artists the opportunity to live off their art and billions of fans the chance to enjoy and be passionate about these creators. Everything we do is driven by our love for music and podcasting. Today, we are the world’s most popular audio streaming subscription service.