Product Security Engineer

Founded in 2012, H2O.ai is on a mission to democratize AI. As the worlds leading agentic AI company, H2O.ai converges Generative and Predictive AI to help enterprises and public sector agencies develop purpose-built GenAI applications on their private data. With a focus on Sovereign AI—secure, compliant, and infrastructure-flexible deployments—H2O.ai delivers solutions that align with the highest standards of data privacy and control.Our open-source technology is trusted by over 20,000 organizations worldwide, including more than half of the Fortune 500. H2O.ai powers AI transformation for companies like AT&T, Commonwealth Bank of Australia, Chipotle, Workday, Progressive Insurance, and NIH.H2O.ai partners include NVIDIA, Dell Technologies, Deloitte, Ernst & Young (EY), Snowflake, AWS, Google Cloud Platform (GCP), VAST Data and MinIO. H2O.ais AI for Good program supports nonprofit groups, foundations, and communities in advancing education, healthcare, and environmental conservation. With a vibrant community of 2 million data scientists worldwide, H2O.ai aims to co-create valuable AI applications for all users.H2O.ai has raised $256 million from investors, including Commonwealth Bank, NVIDIA, Goldman Sachs, Wells Fargo, Capital One, Nexus Ventures and New York Life.About This OpportunityH2O.ai is seeking a Product Security Engineer to join our Cloud Platform team and help scale our vulnerability management and security compliance operations. As H2O.ai serves highly regulated enterprises including major financial institutions and government agencies, maintaining robust security posture across our cloud platform is critical to customer success.You'll operationalize security practices across our containerized platform, manage vulnerability assessments for customer deployments, and ensure compliance with frameworks like FedRAMP, SOC2, and banking regulatory requirements. This role combines security engineering, cross-functional coordination, and customer-facing technical work to enable secure AI deployments at scale.This is an opportunity to build expertise in enterprise security operations while working with cutting-edge cloud-native technologies and making a direct impact on how Fortune 500 companies and government agencies deploy AI securely.This position is based in Sri Lanka.What You Will DoAnalyze and triage vulnerability scan results from various security tools, investigating findings to understand actual risk and exploitability in contextWork directly with engineering teams to understand remediation options, evaluate fix approaches, and coordinate timely resolution of security issuesRoute vulnerabilities to component owners and actively track remediation progress, following up to ensure completion within required timeframesSupport FedRAMP continuous monitoring processes, including monthly POA&M management and compliance reportingEngage with customer security teams to address vulnerability findings, reconcile scan results, and support deployment approvalsMaintain and extend our vulnerability management tooling and automation infrastructureAssess risk levels and communicate security findings to technical and non-technical stakeholdersSupport container image security controls and Kubernetes security policies across customer environmentsContribute to security documentation, runbooks, and compliance artifacts for customer auditsParticipate in security incident response and customer escalations as neededWhat We Are Looking For2-4 years of experience in application security, product security, or DevSecOps rolesStrong understanding of container security, vulnerability management, and CVE assessmentAbility to analyze vulnerability findings deeply - understanding exploit paths, affected components, and contextual riskHands-on experience with security scanning toolsFamiliarity with Kubernetes security concepts and best practicesExperience with compliance frameworks (FedRAMP, SOC2, ISO 27001, or banking regulations) preferredScripting and automation skills (Python, Bash, & Go) to maintain security toolingExcellent written and verbal communication skills for cross-functional coordination with engineering teamsStrong follow-through and ability to drive remediation efforts across multiple teamsDetail-oriented mindset with ability to manage multiple priorities and deadlinesCustomer-focused approach with ability to translate technical security findings into business contextSelf-motivated and able to work effectively in a remote-first environmentWhy H2O.ai?Make an impact - Were shipping a product that matters, and your work will be front and center.Fast learning environment - Youll be mentored by a Senior Engineer and work with some of the most in-demand tech in the industry.Cutting-edge tech stack - Kubernetes, Go, Python, microservices, and real-time data.Startup energy + stability - The best of both worlds: the excitement of shipping fast with the stability of an established company.Flexible working hours and remote-friendly policies.Sounds exciting? Lets talk! Were looking for smart, curious engineers who are ready to take on the challenge! Apply now and help us shape the future of enterprise AI software. H2O.ai is committed to creating a diverse and inclusive culture. All qualified applicants will receive consideration for employment without regard to their race, ethnicity, religion, gender, sexual orientation, age, disability status or any other legally protected basis.H2O.ai is an innovative AI cloud platform company, leading the mission to democratize AI for everyone. Thousands of organizations from all over the world have used our cutting-edge technology across a variety of industries. Weve made it easy for people at all levels to generate breakthrough solutions to complex business problems and advance the discovery of new ideas and revenue streams. We push the boundaries of what is possible with artificial intelligence. H2O.ai employs the worlds top Kaggle Grandmasters, the community of best-in-the-world machine learning practitioners and data scientists. A strong AI for Good ethos and responsible AI drive the companys purpose.Please visit

Created: 2026-03-07