Senior AI Security Engineer

Obsidian Security is the leading SaaS security platform trusted by global enterprises like Snowflake T-Mobile and Algolia. We protect 200 organizations across North America Europe the Middle East Southeast Asia Australia and New Zealand including many of the worlds largest Fortune 1000 and Global 2000 companies.

Founded in 2017 and backed by top investors like Greylock Obsidian was built to close a critical gap: securing SaaS apps where business happensMicrosoft 365 Salesforce and hundreds more. The company does this by offering a complete SaaS security platform to reduce risk detect and respond to threats and prevent breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike Okta Cylance and Carbon Black. Now theyre transforming how SaaS is secured.

With AI driving rapid SaaS growth and complexity agentic AI tools gain privileged access to sensitive data through integrations creating new risks most security tools miss. Obsidian uniquely detects anomalous OAuth token activity and manages integration risks. Major announcements are on the horizon. Recognizing that SaaS security needs to evolve Obsidian enables growing organizations to start with a lightweight prevention-focused browser extension and expand coverage over time.

With global momentum a growing partner ecosystem including SentinelOne Databricks and Google Cloud and a major fundraise ahead Obsidian is scaling rapidly toward long-term growth and IPO readiness.

About the Role

• This is a security-depth role on our Manchester engineering team. We collect rich telemetry from hundreds of SaaS and AI platforms and were looking for someone who can look at that data and ask questions no one has asked before.
• Your core contribution is security insight: understanding how SaaS and AI platforms are built how theyre abused and how the signals we collect can be used in novel ways to solve real customer security problems. Youll work alongside a team of data engineers advising on whats worth detecting and building prototype approaches to prove it out.
• You need to be a competent engineer comfortable writing SQL Python and working with large datasets not at the level of a dedicated data engineer but independently capable. Your edge is security knowledge and creative thinking; the data skills are the table stakes that let you exercise it.

What youll do

• Develop deep expertise in how major SaaS and AI platforms are structured how they handle identity and access and where security risk concentrates then translate that into detection and posture logic for our product.
• Look across the telemetry we collect and identify novel ways to use it: new signals new correlations new approaches to catching misconfigurations or risky behaviour that existing tools miss.
• Advise the engineering team on what security controls matter and why acting as the security compass that helps the team prioritise what to build.
• Prototype new detection approaches in SQL and Python to validate ideas before theyre productised.
• Stay close to the attacker perspective tracking how threats against SaaS and AI platforms evolve and ensuring our coverage stays ahead of them.
• Debug security-related issues in customer environments bringing both data fluency and security judgment to ambiguous problems.

What were looking for

Requirements:

• 4 years in cybersecurity with a focus on SaaS platforms cloud security identity systems or application security.
• A track record of original thinking youve found things other people missed whether in research red teaming bug bounty or product security work.
• Strong understanding of how SaaS platforms (Google Workspace Microsoft 365 Salesforce Okta or similar) work under the hood: API structures permission models authentication flows.
• Solid SQL and Python skills you wont be the one building the pipelines but you need to be able to query large datasets write detection logic and prototype ideas end-to-end without leaning on the data engineers to do it for you.
• Ability to communicate complex security concepts clearly to an engineering audience.

Nice to Have

• Experience with AI/LLM platforms (ChatGPT Enterprise Copilot Gemini Claude etc.) from a security perspective.
• Familiarity with dbt Clickhouse or Databricks.
• Experience working in a product security or security research function at a security vendor.
• Published research CVEs conference talks or bug bounty work demonstrating independent security thinking.

Why Join Us

• Work on one of the most forward-looking problems in enterprise security SaaS and AI platform risk is largely unsolved and growing fast.
• Have a direct influence on what Obsidian detects and how your security insight shapes the product roadmap.
• Learn from and contribute to a team that includes some of the people who defined endpoint and identity security.
• Ideas move fast here youll go from concept to customer impact in weeks not quarters.
• Work for a Silicon Valley-headquartered company without leaving Manchester your security insights will ship into a product protecting some of the worlds largest organisations.