Staff Security Manager (AI & Product Security) in Brno at Productboard

The opportunityThe way software is built is changing, and fast. AI-native product development is redefining how teams discover, design, and ship – and with it, the entire security threat landscape.At Productboard, this transformation to being AI-native is not a side project; it is our entire focus. Spark, our AI-first product management experience, is now at the center of how customers plan, prioritize, and communicate product work.We are looking for a Staff Security Manager (AI & Product Security) to take end-to-end ownership of the security posture of Productboard, with a primary focus on Productboard Spark and AI capabilities. You’ll be stepping into a critical backfill role on a small, high-impact Security team, working at the intersection of application security, AI safety, governance, and customer trust.This role will be based in our Prague or Brno office with an office-centric hybrid schedule.Why this matters for your careerThe gap between security engineers who deeply understand AI-driven systems and those who don’t is widening fast.In this role, you won’t just be “supporting” an AI product. You will:

• Lead security architecture for LLM-powered workflows, agents, and connectors that touch sensitive product and customer data.
• Automate security operation tasks using AI agents
• Shape how we implement and operate AI governance (including ISO/IEC 42001 alignment, AI Terms, AIMS policy, and internal AI usage policies).
• Work directly with Engineering, Product, Legal, and Sales on Spark-related security, from design reviews to customer due diligence (DDQs, security questionnaires, AI-specific risk questions).

Skills you build here – AI-aware threat modeling, LLM security architecture, AI governance & assurance, secure agent workflows, and customer-facing AI risk communication – will define senior security leadership for the next decade.AI is how we build“AI first” is our operating model across Engineering, Product, and Design – and Security is no exception.

• Product teams use Spark and other AI tooling across the full lifecycle: discovery, spec writing, implementation, code review, and incident response.
• Our AI stack relies on leading LLM providers (Anthropic, OpenAI, Amazon Bedrock, and others) with strict data usage and subprocessor controls.
• We are actively building out our AI Management System (AIMS), AI policies, and controls aligned to ISO/IEC 42001, on top of existing SOC 2 and ISO 27001 programs.
• Our AI product Spark is already in the hands of customers; we are continuously testing it through bug bounty, open beta, and targeted penetration testing.

Your job is to make sure this AI-first way of working remains secure, compliant, and explainable – without slowing the organization down.What you will doIn this role, you will be redefining security workflows through AI, setting architecture at scale, and shaping multi-year security strategy.You will:

• • Own product & application security for Spark and core ProductboardLead security reviews and threat modeling for Spark Jobs, Prompts, connectors (MCP), and LLM integrations across our stack.
  • Define and harden trust boundaries for multi-tenant AI agents that access customer feedback, product strategy docs, and external tools.
  • Partner with Engineering to build secure patterns for AI-powered document generation, retrieval-augmented generation (RAG), and agent workflows (including human-in-the-loop and fallback behaviors).
  • Lead AI security architecture and governanceTranslate our AI Management Policy (AIMS), AI Terms, and internal AI policy into concrete engineering controls and guardrails.
  • Design and evolve AI observability, abuse monitoring, and risk controls for Spark (prompt injection, data exfiltration, misuse, cost bombs, and model behavior drift).
  • Act as principal security counterpart in our journey toward ISO/IEC 42001 and related AI certifications.
  • Drive security testing & Bug Bounty for SparkOwn security testing strategy for Spark: from static/dynamic analysis, dependency scanning, and configuration hardening to specialized AI testing where tools exist.
  • Coordinate Spark-focused Bug bounty and penetration testing, including defining scope, triaging reports, partnering with Engineering on remediation, and improving signals/coverage based on findings.
  • Continuously refine runbooks for AI-related incidents, including hallucination-driven harm, misrouting of data, and cross-tenant exposure scenarios.
  • Partner with Legal, Sales, and Customer teams on AI riskSupport security reviews for sales involving Spark and AI terms, including responding to AI-specific DDQs, vendor risk assessments, and RFPs.
  • Help define and maintain Spark AI terms, AI FAQs, and security overviews that are understandable to non-technical stakeholders.
  • Work closely with Legal and Privacy to ensure we can clearly explain our AI subprocessors, data flows, retention, and usage restrictions to customers and regulators.
  • Scale security through AI and automationRedefine security workflows using AI: vulnerability triage, log analysis, control testing, policy enforcement, and evidence collection for audits.
  • Build and/or select AI agents and internal tools that help Security and Engineering teams detect issues faster and reduce manual toil, while keeping human judgment in control.
  • Contribute to security-ready, AI-ready codebase patterns (clear contracts, typed interfaces, structured context) that make secure-by-default development the easiest path.
  • Be a multiplier for the Security and Engineering orgMentor other engineers (Security, Infra, and Product Engineering) on secure AI usage and threat modeling, raising the bar on AI literacy and security awareness.
  • Document and evangelize security patterns for AI (when to use which workflow, how to keep agents within safe autonomy boundaries, how to safely connect Spark to external systems).
  • Represent Security in cross-functional forums (release readiness, risk committees, incident reviews) with a pragmatic, risk-based mindset.

About youYou might be a great fit if:

• • Experience & level7+ years of experience in security engineering (AppSec, Product Security, or broadly as a senior security engineer), ideally in a SaaS / cloud-native company.
  • Proven track record operating at Staff/Senior Staff scope: owning broad technical domains, influencing roadmaps, and driving multi-quarter initiatives to completion.
  • Hands-on experience securing web applications and APIs in a microservices or service-oriented architecture.
  • Security & cloud expertiseStrong foundation in application security: secure design, threat modeling, code review, hardening, and vulnerability management.
  • Solid experience with cloud infrastructure security (AWS), including IAM, networking, container orchestration (Kubernetes), secrets management (e.g. Vault), and CI/CD security.
  • Familiarity with security standards and certifications such as SOC 2, ISO 27001, and ideally exposure to emerging AI governance standards (e.g. ISO/IEC 42001).
  • AI & LLM security proficiencyHands-on experience building or securing AI/LLM-powered systems (RAG, agents, or workflow orchestration) and understanding their unique failure modes.
  • Comfortable redefining security workflows through AI, not just using AI as a helper – e.g., building AI-assisted runbooks, triage flows, or evidence collection pipelines.
  • Able to set AI security architecture at scale: aligning model selection, context management, logging, and guardrails with cost, reliability, and compliance constraints.
  • Thinks in multi-year horizons: can outline and drive a realistic AI security strategy, including build-vs-partner decisions, migration paths, and dependency risks.
  • Enjoys multiplying others: you grow less senior engineers into AI-aware security leaders, not just doing the work yourself.
  • Customer-facing and cross-functionalComfortable joining customer-facing calls (with Security, Legal, Procurement) to explain our AI and security posture in clear, non-defensive language.
  • Experience collaborating closely with Product, Legal, and GTM on security and privacy topics, especially where risk and revenue intersect.
  • Strong communication skills: you can write concise, structured security documentation and present complex risk trade-offs clearly to executives.
  • MindsetPragmatic and risk-based: you know when to say “no”, when to say “not yet”, and when to design guardrails that unlock faster delivery safely.
  • Curious and learning-oriented, especially about AI security, governance, and regulation; you follow the space and can adapt our posture as it evolves.
  • Comfortable working in an environment where AI tools are heavily used internally and part of your role is to keep us safe while preserving velocity.

Nice to have:

• Prior experience with Bug Bounty programs (e.g., HackerOne) and coordinating penetration tests for AI-heavy products.
• Experience with data protection and privacy in an AI context (data minimization, regional hosting, subprocessors, DPIAs).
• Contributions to the security community (conference talks, blog posts, open source, standards working groups).

Our Tech StackYou’ll partner closely with teams working with the following technologies:

• Frontend: TypeScript, React, GraphQL
• Backend: Python, Kotlin, Ruby, Kafka
• Storage: PostgreSQL, MongoDB, Elastic, Redis
• Data & AI: Snowflake, Looker, Spark, LLM providers (Anthropic, OpenAI, Amazon Bedrock, others)
• Infrastructure: AWS, Cloudflare, Kubernetes, Terraform, Vault
• Business tools: Slack, Jira, Google Workspace, Zoom, Notion, Glean

You don’t need to be an expert in every technology on day one, but you should be comfortable learning enough about each layer to meaningfully assess and influence security risk.You can look forward to the following benefits

• 💰 Stock options
• 💻 MacBook + 34″ monitor
• 📚 Budget for online courses, books, and conferences
• 🏝️ 5 weeks of vacation + 9 sick days
• 🫶 Volunteer Days for you to help causes close to your heart
• 🥕 Carrot Fertility Benefits
• 🥗 Free snacks, drinks, and yummy catered lunches
• 🏋️‍♂️ MultiSport card to access sports facilities
• ⏰ Flexible working hours and home office
• 🧑‍🧑‍🧒‍🧒 Parental benefits
• 🗣️ Language lessons
• 🍀 Mental Wellness Program to support your well-being and self-care

Relocation OpportunitiesIf joining us means making a move, we’re here to help make that transition easier.Candidates must have the legal right to work in the EU. While we are unable to provide visa sponsorship for this role, we’re happy to support relocation to Prague for candidates already authorized to work in the EU.Relocation SupportWe offer a one-time relocation bonus ranging from $6,000 to $13,000 USD, depending on your personal situation, whether you’re moving on your own or with a partner or family.This bonus is intended to help offset moving expenses and support your transition into your new city. While it may not cover every cost, it provides meaningful financial support as you get settled.If you’re thinking about relocating and want to explore what this could look like for you, we’d be happy to have that conversation.
About ProductboardAt Productboard, we’re on a mission to help product teams build exceptional products with clarity and confidence. As the leading intelligent product management platform, we empower over 6,000 companies, including Salesforce, SAP, Autodesk, and Kroger, to understand what customers need, prioritize what to build next, and align everyone around a shared roadmap.Headquartered in San Francisco with offices in Prague and Brno, Czechia, we’re backed by some of the world’s most respected investors, including Index Ventures, Kleiner Perkins, Sequoia Capital, Bessemer Venture Partners, Tiger Global, and Dragoneer.We’re proud to be consistently recognized as one of the best places to work by BuiltIn and Comparably, and to count ourselves among the world’s leading unicorn companies. Well-funded and financially disciplined, we have the stability and runway to build boldly for the long term.Over the past few years, we’ve rearchitected our platform from the ground up to serve enterprise scale and set the foundation for the next era of product management. Now we’re entering an exciting new phase with Productboard Spark, our AI-first, agentic experience that transforms how product teams work. Spark is a true collaborator that deeply understands your product context, company strategy, and customer needs, helping teams move faster and make smarter, more confident decisions.Join us as we build the future of product management.About our cultureImagine working in a place where everything matters — most importantly, you. At Productboard, values aren’t just something we like to talk about, they’re something we live and breathe. We believe in creating a work environment where:

• People feel empowered, supported, and included
• Trust and transparency are built into the way we work
• Creativity, curiosity, and continuous improvement are encouraged and nurtured every day

Forming our company values was a group effort, with every employee allowed to contribute. From profit-sharing initiatives, like stock options, to open calendars and communication, we don’t waste time on politics or ego. We champion openness by sharing our goals, successes, and failures.Join colleagues who are passionate about what they do. Team members who are invested in their work environment, and the future of Productboard. Help shape our company, culture, and product!Check out our LinkedIn Life page, or listen to our People of Productboard podcast for a real feel of what life is like at Productboard.Equal Opportunity Employer StatementWe are an equal opportunity employer and champion equity. We aim to help people from all backgrounds, cultures, and groups realize their full potential at Productboard. We do not tolerate any discrimination or harassment based on gender identity, race, color, religion, age, sexual orientation, non-disqualifying physical or mental disability, national origin, veteran status, or any other bias covered by appropriate law. All aspects of employment, including hiring, training, promotion, and terminations, are based on merit, competence, performance, and business needs. We are committed to an inclusive hiring process and provide all candidates with equal opportunity to demonstrate their abilities. Togetherness is one of our core values, and our Diversity Council helps to ensure that we uphold the values of authenticity, humanity, and diversity to create an environment where every person matters. We are committed to leading by example to drive societal change.
By applying you agree to Productboard's Global Candidate Privacy Policy