Director Of Security Engineering

About Parloa

Parloa’s mission is to make every customer conversation feel effortless for both customers and the companies serving them. As agentic AI accelerates, Parloans are shaping the foundation of a new era in customer experience — one where customer support is no longer transactions, but meaningful exchanges. It is not just a vision; Parloa has powered over ONE BILLION interactions between global enterprise brands and their customers, with companies like IKEA and Booking.com already deploying Parloa at scale.

About the role:

Parloa is building the AI platform that enterprises trust with their most important conversations. That trust starts with security — and we need someone to own it entirely.

As Director of Security, you won't just manage a team. You'll shape how a fast-scaling AI company thinks about security from the ground up: building the strategy, the culture, and the systems that protect our platform, our customers, and the data they entrust to us. You'll lead our SecOps team within Tech Platform, partner across IS&T and Internal IT, and be the person our customers look to when they need confidence that Parloa takes security as seriously as they do.

This is a builder role. If you want to define what security looks like at an AI-native company — not inherit someone else's playbook — this is it.

Areas of ownership:

• Define and execute the product and platform security strategy — building the programs, tooling, and practices that scale with a fast-growing AI platform.
• Lead and grow the security team — hiring exceptional talent, developing senior leaders, and fostering a culture where security is every engineer's responsibility.
• Own application security across the SDLC — embedding secure coding practices, SAST/DAST/SCA tooling, threat modeling, and architectural security reviews into engineering workflows, enabling velocity without compromising safety.
• Design and implement security architectures for cloud-native applications, Kubernetes workloads, and CI/CD pipelines.
• Build and run the detection and response program — developing threat detection capabilities, tuning alerting and telemetry, and leading incident investigations, containment, and postmortems with technical rigor.
• Drive cloud security posture across our AWS/GCP infrastructure, covering identity and access, network segmentation, secrets management, and infrastructure-as-code security.
• Be Parloa's product security voice in customer engagements — fielding security questionnaires, supporting enterprise due diligence, and translating technical posture into customer confidence.
• Advance AI-specific security practices — securing LLM pipelines, model interactions, prompt injection surfaces, and data handling across the platform.
• Collaborate with IS&T on shared boundaries — coordinating on incident escalation, identity systems, and compliance requirements where product and corporate security intersect, without duplicating ownership.
• Establish security metrics that matter — proving that product security posture is measurably improving, not just maintained.

Who you are:

• 12+ years in security, with at least 5 years leading security teams, ideally in product or application security at a SaaS or platform company.
• Deep hands-on experience securing cloud-native, containerized environments (AWS/GCP, Kubernetes) — you can still roll up your sleeves when it matters.
• Strong application security background — you understand secure architecture, common vulnerability classes, and how to shift security left without slowing engineering down.
• Proven detection & response expertise — you've built or significantly improved SOC/detection capabilities and led incident response in production environments.
• Effective communicator across audiences — you can translate product security risk into business terms for executives and customers, and dive into technical detail with engineers.
• Familiarity with compliance frameworks (SOC 2, ISO 27001) as they relate to product security controls — you've contributed to audits and customer security reviews, even if GRC ownership sits elsewhere.
• Genuine curiosity about AI security — experience securing LLM-based systems is a strong plus, but a sharp instinct for emerging risk is what counts.