Director Of Security Engineering (f/m/d)*

About Parloa

Parloa is on a mission to build an iconic AI platform company, powering Fortune 2000 enterprises with enterprise-grade conversational AI. Our flagship Agent Management Platform (AMP) is already trusted by global leaders like Booking.com, Allianz, and American Express, and we are scaling rapidly to become Europe’s leading engineering organization.

With our ambition to be a top-three vendor in a Gartner Magic Quadrant category and to quadruple annual revenue year-over-year between 2025 and 2028, we are deliberately building an engineering culture modeled after the best in the world—optimized for speed, quality, and innovation.

To succeed at this scale, we are investing in delivery excellence: aligning strategy with execution, strengthening quarterly and capacity planning, and ensuring predictable, high-quality delivery across our roadmap.

The Role

Parloa is building the AI platform that enterprises trust with their most important conversations. That trust starts with security — and we need someone to own it entirely.

As Director of Security, you won't just manage a team. You'll shape how a fast-scaling AI company thinks about security from the ground up: building the strategy, the culture, and the systems that protect our platform, our customers, and the data they entrust to us. You'll lead our SecOps team within Tech Platform, partner across IS&T and Internal IT, and be the person our customers look to when they need confidence that Parloa takes security as seriously as they do.

This is a builder role. If you want to define what security looks like at an AI-native company — not inherit someone else's playbook — this is it.

What You’ll Do

• Define and execute the product and platform security strategy — building the programs, tooling, and practices that scale with a fast-growing AI platform.
• Lead and grow the security team — hiring exceptional talent, developing senior leaders, and fostering a culture where security is every engineer's responsibility.
• Own application security across the SDLC — embedding secure coding practices, SAST/DAST/SCA tooling, threat modeling, and architectural security reviews into engineering workflows, enabling velocity without compromising safety.
• Design and implement security architectures for cloud-native applications, Kubernetes workloads, and CI/CD pipelines.
• Build and run the detection and response program — developing threat detection capabilities, tuning alerting and telemetry, and leading incident investigations, containment, and postmortems with technical rigor.
• Drive cloud security posture across our AWS/GCP infrastructure, covering identity and access, network segmentation, secrets management, and infrastructure-as-code security.
• Be Parloa's product security voice in customer engagements — fielding security questionnaires, supporting enterprise due diligence, and translating technical posture into customer confidence.
• Advance AI-specific security practices — securing LLM pipelines, model interactions, prompt injection surfaces, and data handling across the platform.
• Collaborate with IS&T on shared boundaries — coordinating on incident escalation, identity systems, and compliance requirements where product and corporate security intersect, without duplicating ownership.
• Establish security metrics that matter — proving that product security posture is measurably improving, not just maintained.

Who You Are

• 12+ years in security, with at least 5 years leading security teams, ideally in product or application security at a SaaS or platform company.
• Deep hands-on experience securing cloud-native, containerized environments (AWS/GCP, Kubernetes) — you can still roll up your sleeves when it matters.
• Strong application security background — you understand secure architecture, common vulnerability classes, and how to shift security left without slowing engineering down.
• Proven detection & response expertise — you've built or significantly improved SOC/detection capabilities and led incident response in production environments.
• Effective communicator across audiences — you can translate product security risk into business terms for execut