Overview
Medallia is the pioneer and market leader in Experience Management. Our award-winning SaaS platform, Medallia Experience Cloud, leads the market in the management of experiences, insights, and actions for candidates, customers, employees, patients, and residents alike.
We believe that every experience is a memory that can last a lifetime. Experiences shape the way people feel about a company. And they greatly influence how likely people are to advocate, contribute, and stay. At Medallia, we are committed to creating a world where organizations are loved by their customers and their employees.
We empower exceptional people to create extraordinary experiences together.
Bring your whole self.
The Role and Team
We are seeking a Senior Staff Product Security Engineer to lead Medallia's security strategy and assurance efforts for AI-powered products, agentic systems, next-generation platforms, and emerging technologies.
This individual will serve as the technical leader for AI Security and Security Assurance, partnering with Product, Engineering, Architecture, Data Science, and Security teams to ensure security is embedded into the design, development, and deployment of modern AI-enabled capabilities.
The ideal candidate combines deep expertise in application security, threat modeling, and security architecture with a strong understanding of Generative AI, LLMs, AI agents, and secure system design. They will identify emerging risks, establish scalable security practices, and help define Medallia's long-term approach to securing AI-enabled products and platforms.
Responsibilities
AI Security Lead
- Serve as the technical authority for security reviews involving:
  - Generative AI applications
  - LLM-powered features
  - AI agents
  - Agentic workflows
  - MCP (Model Context Protocol) integrations
  - AI skills and marketplaces
  - AI coding assistants
  - Bring Your Own Model (BYOM) capabilities
- Define security requirements and guardrails for AI-enabled products and services.
- Evaluate emerging AI technologies and assess associated security risks.
- Partner with engineering and product teams to ensure AI features are secure by design.
Threat Modeling & Security Architecture
- Lead threat modeling efforts for critical product and platform initiatives.
- Establish and scale a threat modeling program across engineering organizations.
- Conduct security architecture reviews for high-risk and strategic initiatives.
- Develop security reference architectures, design patterns, and guidance for engineering teams.
- Identify systemic security risks and drive long-term remediation strategies.
Security Assurance
- Own and evolve Product Security assurance activities including:
  - Security reviews
  - Security assessments
  - AI security reviews
  - Security testing strategies
  - Security requirements and standards
- Define risk-based approaches for evaluating emerging technologies.
- Partner with engineering teams to embed security validation throughout the SDLC.
Secure Development & Developer Enablement
- Establish secure development standards for AI-enabled applications.
- Drive adoption of secure coding practices across engineering teams.
- Develop scalable developer guidance and security enablement programs.
- Evaluate and implement approaches to improve security feedback during development, including AI-assisted security review capabilities.
Security Automation & Innovation
- Identify opportunities to automate security reviews and reduce manual effort.
- Partner with security tooling owners to improve developer experience and security coverage.
- Define metrics that measure effectiveness of AI security and security assurance programs.
- Evaluate emerging security technologies relevant to AI and modern software development.
Cross-Functional Influence
- Partner closely with Product, Engineering, Architecture, Data Science, Privacy, Legal, Compliance, and Operations teams.
- Influence technical direction through expertise and relationship-building.
- Mentor Staff and Senior Engineers in threat modeling, architecture reviews, and AI security.
Candidates based in the Buenos Aires vicinity will be prioritized as this role is Hybrid, 3 days per week onsite.
Qualifications
Minimum Qualifications
- 12+ years of experience in Product Security, Application Security, Security Architecture, or Security Engineering.
- Proven experience operating at Staff or Senior Staff level within a technology organization.
- Demonstrated expertise in:
  - Threat Modeling
  - Security Architecture Reviews
  - Application Security
  - Cloud Security
  - Secure SDLC
  - Vulnerability Management
  - Secure Design Principles
- Demonstrated experience securing modern architectures including:
  - APIs
  - Microservices
  - Kubernetes
  - Containers
  - Cloud-native platforms
- Demonstrated understanding of security frameworks and standards including:
  - OWASP
  - NIST
  - SOC 2
  - ISO 27001
  - PCI DSS
- Demonstrated ability to influence engineering organizations and drive security outcomes without direct authority.
Preferred Qualifications
- Experience securing:
  - Generative AI applications
  - LLM-based products
  - AI agents
  - Agentic workflows
  - MCP integrations
  - Retrieval-Augmented Generation (RAG) systems
- Familiarity with AI security concepts including:
  - Prompt Injection
  - Indirect Prompt Injection
  - Tool Abuse
  - Agent Authorization
  - Data Leakage
  - Model Abuse
  - AI Threat Modeling
- Experience developing security guidance for AI-enabled software development.
- Security certifications such as CISSP, CSSLP, GIAC, AWS Security Specialty, or equivalent.
At Medallia, we celebrate diversity and recognize the value it brings to our customers and employees. Medallia is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, age (40 and over), disability, genetic information, veteran status or military service, or any other status protected by state or local law. Individuals with a disability who need an accommodation to apply please contact us at ApplicantAccessibility@medallia.com. For information regarding how Medallia collects and uses personal information, please review our Privacy Policies. Applications will be accepted for 30 days from the date this role was posted or until the role has been filled.