Engineering Manager - Security Engineering

Aircall is a unicorn, AI-powered customer communications platform used by 22,000+ companies worldwide to drive revenue, resolve issues faster, and scale customer-facing teams. We’re redefining customer communications by bringing voice, SMS, WhatsApp, and AI together into one seamless workspace. Our momentum comes from a simple idea: help teams work smarter, not harder. Aircall’s AI Voice Agent automates routine calls, AI Assist streamlines post-call work, and AI Assist Pro delivers real-time guidance so people can do their best work. The result is higher revenue, faster resolutions, and teams that scale with confidence. Aircall is headquartered in Paris, our European HQ, with a strong North American presence anchored in Seattle, our North American HQ, and teams across Madrid, London, Berlin, San Francisco, New York City, Sydney, and Mexico City. We’ve built a product customers love and a business that’s scaling quickly, backed by world-class investors and driven by rapid AI innovation across multiple product lines. At Aircall, you’ll join a company in motion. We’re ambitious, product-driven, and execution-focused, with visible impact, fast decisions, and real growth. How we work at Aircall: We’re customer-obsessed, data-driven, and focused on delivering meaningful outcomes. We value ownership, continuous learning, and thoughtful speed. If you thrive in a collaborative, fast-moving environment where trust and impact matter, you’ll feel at home here. We are looking for a seasoned Engineering Manager to lead Aircall's Security Engineering organisation. This is a high-impact leadership role spanning four pillars: Product Security, Infrastructure Security, Detection & Response, and Governance, Risk & Compliance (GRC). You will grow an established team of security engineers, set the technical direction, and partner closely with Engineering, Product, Legal, IT and Finance to embed security deeply across the company. You’ll scale the team through high impact AI engineering across all 4 pillars. You will be both a skilled people manager and a credible technical leader — someone who can roll up their sleeves when needed but who ultimately scales their impact through their team. You bring empathy, clear communication, and a bias for pragmatic security outcomes over security theatre. Why join us? 🚀 Key moment to join Aircall in terms of growth and opportunities 💆‍♀️ Our people matter, work-life balance is important at Aircall 📚 Fast-learning environment, entrepreneurial and strong team spirit 🌍 45+ Nationalities: cosmopolite & multi-cultural mindset 💵 Competitive salary package & benefits 🏨 Medical, dental, and vision insurance is 100% covered 📈 401k plan with company matching! ✈️ Unlimited PTO — take the time you need to come to work feeling great! ⭐️ Wellness, internet, and childcare reimbursements 💚 Generous parental leave policy DE&I Statement: At Aircall, we believe diversity, equity and inclusion – irrespective of origins, identity, background and orientations – are core to our journey. We pride ourselves on promoting active inclusion within our business to foster a strong sense of belonging for all. We’re working to create a place filled with diverse people who can enrich and learn from one another. We’re committed to ensuring that everyone not only has a seat at the table but is valued and respected at it by providing equal opportunities to develop and thrive. We will constantly challenge ourselves to make sure that we live up to our ambitions around diversity, equity and inclusion, and keep this conversation open. Above all else, we understand and acknowledge that we have work to do and much to learn. Want to know more about candidate privacy? Find our Candidate Privacy Notice here. Scope of Responsibility Product Security Own the Secure Software Development Lifecycle (SSDLC) from threat modelling through to production deployment. Secure Agentic development practices by automating threat modeling, code reviews, internal pentesting and vulnerability remediation by building in-house security AI agents. Partner with engineering to embed security reviews, static analysis (SAST), dependency scanning (SCA), and secrets detection into CI/CD pipelines. Lead the Aircall Bug Bounty and Vulnerability Disclosure Program (VDP), triaging and remediating reports with engineering teams. Drive regular penetration testing cycles for web, mobile, and API surfaces; oversee remediation tracking. Champion a developer-centric security culture through security champions, training, and tooling that makes the secure path the easy path. Infrastructure Security Define and maintain the security architecture of Aircall's cloud infrastructure (AWS), with a strong emphasis on zero-trust, least privilege, and defence in depth. Own, maintain and expand security observability through CSPM, CNAPP and CWPP tools like Wiz. Enable agentic auto-remediations for security vulnerabilities. Own network segmentation, secrets management, certificate lifecycle, identity & access management (IAM), and workload isolation, and secure hosting of internal AI applications Lead infrastructure hardening programs: CIS benchmarks, container security, Kubernetes policy enforcement (OPA), and immutable infrastructure practices. Manage the security posture of third-party SaaS tools and vendor risk assessments. Collaborate with Infrastructure engineering and Product Engineering on shared security responsibilities and runbooks. Detection & Response Build and mature Aircall's threat detection capability — SIEM tuning, alert triage playbooks, and investigation workflows. Own incident response: develop and test the IR plan, lead tabletop exercises, and act as incident commander for significant security events. Drive threat intelligence and threat hunting programs to stay ahead of adversaries targeting the cloud communications sector. Establish and track key security metrics: MTTD, MTTR, alert-to-incident conversion rates, and coverage gaps. Ensure 24×7 detection coverage through tooling, automation, and on-call rotations, balancing reliability and engineer wellbeing. Governance, Risk & Compliance (GRC / Information Security) Own and continuously improve Aircall's information security management program, aligned to SOC 2 Type II, and applicable data-protection regulations (GDPR, CCPA). Lead audit preparation and evidence collection for external certifications and customer security questionnaires. Maintain the corporate risk register for information security, presenting findings and remediation plans to senior leadership and the board as required. Define and enforce security policies, standards, and exception processes across the organisation. Act as the primary security liaison for enterprise customers, prospects, and partners conducting security due diligence. People Leadership Lead, mentor, and grow a multi-disciplinary security team of 6–10 engineers across the four pillars. Run structured 1:1s, career-development conversations, and quarterly goal-setting aligned to company OKRs. Hire and onboard exceptional security talent; contribute to employer-branding initiatives in the security community. Create an environment where engineers feel psychologically safe to raise concerns, experiment, and learn from failures. Balance hands-on technical involvement with delegation — staying close enough to the work to be credible, but trusting the team to execute. Partner cross-functionally with Engineering leadership, Legal, People Ops, and Finance to align security initiatives with business priorities. What We're Looking For 7+ years of professional experience in security engineering. 3+ years in an engineering management or technical lead role with direct reports. Proven track record of building and scaling security teams in a cloud-native, SaaS environment. Deep technical fluency across at least two of the four pillars (Product Security, Infrastructure Security, D&R, GRC). Hands-on experience with major cloud platforms (AWS strongly preferred, GCP or Azure a plus) and infrastructure-as-code (Terraform, CDK, or equivalent). Experience owning or contributing to SOC 2 Type II, ISO 27001, or equivalent compliance programmes. Demonstrated ability to communicate security risk clearly to non-technical executives and board members. Experience running security incident response — from detection through containment, eradication, and post-mortem. Preferred / Nice to Have Background in a high-growth B2B SaaS or cloud-communications company. Familiarity with VoIP, real-time communications, or telephony security considerations. Experience embedding Agentic AI practices into security engineering workflows and securing internal AI tooling and implementation. Relevant certifications: CISSP, CISM, AWS Security Specialty, GIAC (GWAPT, GCIA, GCIH), or equivalent. Experience running a Bug Bounty programme (HackerOne, Bugcrowd, or similar). Contributions to the open-source security community, conference speaking, or published research. Familiarity with DORA metrics and the relationship between deployment frequency and security posture.

{
  "content_hash": "39573204e1a58ecea8a9a2acd283a52a2272c217f3960ac726f8ee1d3e897684",
  "source_hash": "0058fe3647b357cba0482be953cfd9352a7196c5f870191b7ca7d130116eb363",
  "last_changed_at": "2026-05-29T07:01:00.387Z",
  "active_status": "active"
}

{
  "language": "en",
  "location": {
    "raw": "Seattle Office",
    "city": "Seattle",
    "region": "WA",
    "country": "United States",
    "is_remote": false,
    "confidence": 0.75
  },
  "salary_max": 260000,
  "salary_min": 200000,
  "inferred_at": "2026-06-06T07:56:57.863Z",
  "launch_scope": {
    "reason": "english_us_canada",
    "included": true,
    "language": "en",
    "location": {
      "raw": "Seattle Office",
      "city": "Seattle",
      "region": "WA",
      "country": "United States",
      "is_remote": false,
      "confidence": 0.75
    },
    "countries": [
      "United States"
    ]
  },
  "remote_policy": "hybrid",
  "salary_period": "year",
  "workplace_type": "hybrid",
  "salary_currency": "USD"
}

{}

{
  "lists": [
    {
      "text": "Scope of Responsibility",
      "content": "<div><strong>Product Security</strong></div>\n\n<li>Own the Secure Software Development Lifecycle (SSDLC) from threat modelling through to production deployment.<br>Secure Agentic development practices by automating threat modeling, code reviews, internal pentesting and vulnerability remediation by building in-house security AI agents.</li>\n<li>Partner with engineering to embed security reviews, static analysis (SAST), dependency scanning (SCA), and secrets detection into CI/CD pipelines.</li>\n<li>Lead the Aircall Bug Bounty and Vulnerability Disclosure Program (VDP), triaging and remediating reports with engineering teams.</li>\n<li>Drive regular penetration testing cycles for web, mobile, and API surfaces; oversee remediation tracking.</li>\n<li>Champion a developer-centric security culture through security champions, training, and tooling that makes the secure path the easy path.</li>\n\n<p><strong>Infrastructure Security</strong></p>\n\n<li>Define and maintain the security architecture of Aircall's cloud infrastructure (AWS), with a strong emphasis on zero-trust, least privilege, and defence in depth.</li>\n<li>Own, maintain and expand security observability through CSPM, CNAPP and CWPP tools like Wiz.</li>\n<li>Enable agentic auto-remediations for security vulnerabilities.</li>\n<li>Own network segmentation, secrets management, certificate lifecycle, identity &amp; access management (IAM), and workload isolation, and secure hosting of internal AI applications</li>\n<li>Lead infrastructure hardening programs: CIS benchmarks, container security, Kubernetes policy enforcement (OPA), and immutable infrastructure practices.</li>\n<li>Manage the security posture of third-party SaaS tools and vendor risk assessments.</li>\n<li>Collaborate with Infrastructure engineering and Product Engineering on shared security responsibilities and runbooks.</li>\n\n<p><strong>Detection &amp; Response</strong></p>\n\n<li>Build and mature Aircall's threat detection capability — SIEM tuning, alert triage playbooks, and investigation workflows.<br>Own incident response: develop and test the IR plan, lead tabletop exercises, and act as incident commander for significant security events.</li>\n<li>Drive threat intelligence and threat hunting programs to stay ahead of adversaries targeting the cloud communications sector.</li>\n<li>Establish and track key security metrics: MTTD, MTTR, alert-to-incident conversion rates, and coverage gaps.</li>\n<li>Ensure 24×7 detection coverage through tooling, automation, and on-call rotations, balancing reliability and engineer wellbeing.</li>\n\n<div><strong>Governance, Risk &amp; Compliance (GRC / Information Security)</strong></div>\n\n<li>Own and continuously improve Aircall's information security management program, aligned to SOC 2 Type II, and applicable data-protection regulations (GDPR, CCPA).</li>\n<li>Lead audit preparation and evidence collection for external certifications and customer security questionnaires.</li>\n<li>Maintain the corporate risk register for information security, presenting findings and remediation plans to senior leadership and the board as required.</li>\n<li>Define and enforce security policies, standards, and exception processes across the organisation.</li>\n<li>Act as the primary security liaison for enterprise customers, prospects, and partners conducting security due diligence.</li>\n\n<p><strong>People Leadership</strong></p>\n\n<li>Lead, mentor, and grow a multi-disciplinary security team of 6–10 engineers across the four pillars.</li>\n<li>Run structured 1:1s, career-development conversations, and quarterly goal-setting aligned to company OKRs.</li>\n<li>Hire and onboard exceptional security talent; contribute to employer-branding initiatives in the security community.</li>\n<li>Create an environment where engineers feel psychologically safe to raise concerns, experiment, and learn from failures.</li>\n<li>Balance hands-on technical involvement with delegation — staying close enough to the work to be credible, but trusting the team to execute.</li>\n<li>Partner cross-functionally with Engineering leadership, Legal, People Ops, and Finance to align security initiatives with business priorities.</li>\n"
    },
    {
      "text": "What We're Looking For",
      "content": "\n<li>7+ years of professional experience in security engineering.</li>\n<li>3+ years in an engineering management or technical lead role with direct reports.</li>\n<li>Proven track record of building and scaling security teams in a cloud-native, SaaS environment.</li>\n<li>Deep technical fluency across at least two of the four pillars (Product Security, Infrastructure Security, D&amp;R, GRC).</li>\n<li>Hands-on experience with major cloud platforms (AWS strongly preferred, GCP or Azure a plus) and infrastructure-as-code (Terraform, CDK, or equivalent).</li>\n<li>Experience owning or contributing to SOC 2 Type II, ISO 27001, or equivalent compliance programmes.</li>\n<li>Demonstrated ability to communicate security risk clearly to non-technical executives and board members.</li>\n<li>Experience running security incident response — from detection through containment, eradication, and post-mortem.</li>\n"
    },
    {
      "text": "Preferred / Nice to Have",
      "content": "\n<li>Background in a high-growth B2B SaaS or cloud-communications company.</li>\n<li>Familiarity with VoIP, real-time communications, or telephony security considerations.</li>\n<li>Experience embedding Agentic AI practices into security engineering workflows and securing internal AI tooling and implementation.</li>\n<li>Relevant certifications: CISSP, CISM, AWS Security Specialty, GIAC (GWAPT, GCIA, GCIH), or equivalent.</li>\n<li>Experience running a Bug Bounty programme (HackerOne, Bugcrowd, or similar).</li>\n<li>Contributions to the open-source security community, conference speaking, or published research.</li>\n<li>Familiarity with DORA metrics and the relationship between deployment frequency and security posture.</li>\n"
    }
  ],
  "country": "US",
  "createdAt": 1777594681047,
  "updatedAt": null,
  "categories": {
    "team": "13013 - Security",
    "location": "Seattle Office",
    "commitment": "Permanent Full Time Employee",
    "department": "Engineering",
    "allLocations": [
      "Seattle Office"
    ]
  },
  "salaryRange": {
    "max": 260000,
    "min": 200000,
    "currency": "USD",
    "interval": "per-year-salary"
  },
  "workplaceType": "hybrid"
}