Job Details
Principal Security Engineer (DRI)
TaxDome is seeking a Principal Security Engineer (DRI) for a fully remote role across European timezones. The position focuses on application security, especially for AI-generated software delivery, impacting product safety and customer trust. Must be based outside Russia and Belarus.
We’re looking for a Principal Security Engineer (DRI) to join our Engineering organization and own application security across TaxDome’s platform during our AI-first engineering transformation. In this role, you’ll define and build the security model for AI-generated software delivery, embed security into product development and release gates, and directly impact product safety, platform resilience, and customer trust.

What you’ll be responsible for:
- Own and drive the Application Security workstream as the security DRI across all Domains and Pods.
- Build automated security controls across the delivery loop, including secret scanning, SAST, SCA, IaC, container, dependency, and DAST gates.
- Embed security into product discovery, threat modeling, acceptance criteria, and architecture decisions.
- Define controls for AI-generated code, including dependency risk, tenant isolation, prompt injection, agent misuse, and risky migrations.
- Own the security reviewer AI agent and improve its detection quality, escalation logic, and coverage.
- Partner on incident response, supply chain security, secrets management, and compliance-related technical controls.
- Raise security maturity through practical guidance, reusable rules, and developer education.
Must-have:
- 7+ years in Application/Product Security, including senior IC ownership at Staff/Principal level or equivalent.
- Experience securing multi-tenant SaaS products handling sensitive or regulated data.
- Strong hands-on background in DevSecOps and CI/CD security automation.
- Practical experience with AI/LLM security risks and controls.
- Ability to review code and work closely with engineering across modern backend/platform stacks.
- Strong written communication in English and Russian, with clear ownership and the ability to influence others.

Nice-to-have:
- Experience leading security through major engineering transformations such as AI-first, cloud, microservices, or platform-scale change.
- Background in fintech, tax, payments, or other heavily regulated environments.
- Experience building or operating security-focused AI agents in production.
- Strong AWS/GCP, Kubernetes, and cloud/runtime security expertise.
It’s a fully remote role; we are hiring across European timezones.