Security Engineer Jobs (NOW HIRING)

Madrid - Hybrid, Barcelona - Hybrid Full-time Permanent Employee

Join our Security Engineering team as a Security Engineer who builds, not just operates. You will design and build security systems that protect our AI-driven platform at scale—whether that means securing cloud infrastructure and data pipelines, embedding security into our AI-powered products, engineering the detection and automation capabilities that keep us ahead of threats, or protecting corporate infrastructure and ensuring secure, well-architected business systems. You will own your work end-to-end and grow into one of our four specialization tracks as the team and your profile develop together.

As a Security Engineer at Aily, you are a software engineer with deep security expertise. We are not looking for people who configure existing tools; we need engineers who write production-quality code to solve hard security problems in an AI-first company. You will face problems of the AI age: securing complex data flows across distributed systems, protecting AI models and training pipelines, building detection logic against real threats, and designing products that handle highly regulated data safely. You will own projects from design through deployment and work closely with Engineering, Data Science, Platform, and Product teams.

Our Security Engineering team operates across four tracks. You'll share your preference during the process; we'll confirm fit and align on where you'll have the most impact.

Build the security infrastructure that protects Aily's cloud platform, AI pipelines, and data ecosystem.

• Design and build security automation systems and platforms — from control monitoring to advanced threat detection capabilities or agentic red teaming
• Secure complex data flows, data lakes, and AI training pipelines; implement DLP strategies at scale
• Protect AI models from adversarial attacks, data poisoning, and unauthorized access
• Implement cloud security controls for AWS environments and codify security policies through Infrastructure as Code

Embed security into our AI-powered products from the start, working closely with Product and R&D teams.

• Design security architectures for AI/ML systems handling regulated data
• Conduct threat models and security architecture reviews across all engineering teams
• Design authentication and authorization architectures (SSO, OAuth/OIDC, RBAC/ABAC) and review third-party integrations
• Ensure GDPR/CCPA/EU AI Act compliance and integrate SAST/DAST into CI/CD pipelines

Write production-quality code to build the detection logic and agentic observability platform that keeps Aily ahead of threats.

• Design detection strategies against real attacker TTPs — from signal engineering to response workflows
• Build and operate an AI-native, agentic Security & Governance Observability Platform with autonomous agents that ingest telemetry, correlate signals, and execute responses
• Build data pipelines for security telemetry at scale and design intelligent automation that eliminates repetitive work
• Design incident response playbooks and automated remediation workflows across endpoint, cloud, and identity domains

Protect corporate infrastructure, ensure secure and well-architected business systems, and govern company-wide AI usage and agentic tooling.

• Design and implement security controls for corporate infrastructure — MDM, identity management, endpoint security, and access control architectures
• Build security automation and tooling for compliance and policy enforcement across corporate systems
• Define and enforce policies for company-wide AI usage and agentic tooling — ensuring safe adoption, data boundaries, and governance guardrails
• Review and validate architectural decisions for business systems (HRIS, CRM, Finance, Legal, BI) from Security and Data Architecture perspectives
• Provide Enterprise Architecture governance — ensuring business systems meet security and architectural standards through review, patterns, and guidance

We hire across all levels. What we evaluate is your ability to build quality solutions, think in systems, and own your work end-to-end.

Software engineer who writes production-quality code to solve security problems — not just configure tools

• Strong systems thinking and ability to design at scale
• Cloud security experience (we use AWS) — Kubernetes, containers, cloud-native architectures
• AI-first mindset — you use AI tools daily and thrive in an AI-native environment
• Offensive security or red teaming background
• Clear communicator across technical and non-technical teams

• DLP in production environments
• Securing data-intensive systems (data lakes, analytics, AI pipelines)
• Building security platforms or governance tooling from scratch

• Privacy engineering (GDPR/CCPA)
• Security architecture for AI/ML and regulated data
• Threat modeling · IAM (SSO, OAuth/OIDC, RBAC/ABAC)
• Regulatory compliance (EU AI Act, HIPAA, SOX)

• Detection engineering against real TTPs
• Incident response or threat hunting
• Working with large-scale security telemetry

• Corporate Security systems (MDM, identity management, endpoint security)
• Identity and access management (Okta, Entra ID, Azure AD)
• Enterprise architecture review and governance
• AI usage governance and agentic tooling security

You own your work end-to-end — from design to delivery to maintenance. Scope grows with your level, but ownership is always complete. You use AI tools to multiply your impact. We value autonomy, initiative, and people who take pride in their craft.

• Kubernetes hardening
• Terraform/IaC
• CSPM tools
• AI/ML security tools or privacy-preserving techniques

• Advanced privacy techniques (differential privacy, federated learning)
• AI red teaming or adversarial ML
• SAST/DAST tools (Snyk, Checkmarx)
• Multi-jurisdiction compliance (HIPAA, SOX, PCI-DSS)

• SIEM/SOAR platforms (Splunk, Elastic, Sentinel)
• Graph databases or semantic data models
• Compliance control monitoring
• Agentic security systems or autonomous response workflows

• Network security (firewalls, VPN, NAC, segmentation)
• Email and messaging security (anti-phishing, DMARC, DLP)
• Endpoint hardening and EDR/XDR at fleet scale
• PKI, certificate management, and device trust architectures

Founded 2020 in Munich, we are a rapidly expanding scale-up in the B2B SaaS area. We've already assembled a super innovative, smart and fun team of 320+ highly motivated employees around our offices in Munich, Barcelona, Madrid, Cluj and New York. At Aily Labs, we have the bold mission to democratize AI. Our groundbreaking product is an AI-powered mobile app that uses cutting edge GenAI and traditional ML to unlock valuable business insights and gives personalized recommendations. Our aim? Disrupting the way corporate entities operate, paving the way for the world's first AI decision intelligence platform that enables faster, simpler and smarter decision-making across the entire value chain, aiming towards full Agentic automation of key business goals.

• Build security from the ground up at an AI-first company — our security platform is greenfield, not legacy
• Work where