Senior AI Security Engineer

Obsidian Security is the leading SaaS security platform, trusted by global enterprises like Snowflake, T-Mobile, and Algolia. We protect 200+ organizations across North America, Europe, the Middle East, Southeast Asia, Australia, and New Zealand, including many of the world’s largest Fortune 1000 and Global 2000 companies.

Founded in 2017 and backed by top investors like Greylock, Obsidian was built to close a critical gap: securing SaaS apps where business happens—Microsoft 365, Salesforce, and hundreds more. The company does this by offering a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, they’re transforming how SaaS is secured.

With AI driving rapid SaaS growth and complexity, agentic AI tools gain privileged access to sensitive data through integrations, creating new risks most security tools miss. Obsidian uniquely detects anomalous OAuth token activity and manages integration risks. Major announcements are on the horizon. Recognizing that SaaS security needs to evolve, Obsidian enables growing organizations to start with a lightweight, prevention-focused browser extension and expand coverage over time.

With global momentum, a growing partner ecosystem including SentinelOne, Databricks, and Google Cloud, and a major fundraise ahead, Obsidian is scaling rapidly toward long-term growth and IPO readiness.

About the Role

• This is a security-depth role on our Manchester engineering team. We collect rich telemetry from hundreds of SaaS and AI platforms — and we're looking for someone who can look at that data and ask questions no one has asked before.
• Your core contribution is security insight: understanding how SaaS and AI platforms are built, how they're abused, and how the signals we collect can be used in novel ways to solve real customer security problems. You'll work alongside a team of data engineers, advising on what's worth detecting and building prototype approaches to prove it out.
• You need to be a competent engineer — comfortable writing SQL, Python, and working with large datasets — not at the level of a dedicated data engineer, but independently capable. Your edge is security knowledge and creative thinking; the data skills are the table stakes that let you exercise it.

What you'll do

• Develop deep expertise in how major SaaS and AI platforms are structured, how they handle identity and access, and where security risk concentrates — then translate that into detection and posture logic for our product.
• Look across the telemetry we collect and identify novel ways to use it: new signals, new correlations, new approaches to catching misconfigurations or risky behaviour that existing tools miss.
• Advise the engineering team on what security controls matter and why — acting as the security compass that helps the team prioritise what to build.
• Prototype new detection approaches in SQL and Python to validate ideas before they're productised.
• Stay close to the attacker perspective — tracking how threats against SaaS and AI platforms evolve and ensuring our coverage stays ahead of them.
• Debug security-related issues in customer environments, bringing both data fluency and security judgment to ambiguous problems.

What we're looking for

Requirements:

• 4+ years in cybersecurity, with a focus on SaaS platforms, cloud security, identity systems, or application security.
• A track record of original thinking — you've found things other people missed, whether in research, red teaming, bug bounty, or product security work.
• Strong understanding of how SaaS platforms (Google Workspace, Microsoft 365, Salesforce, Okta, or similar) work under the hood: API structures, permission models, authentication flows.
• Solid SQL and Python skills — you won't be the one building the pipelines, but you need to be able to query large datasets, write detection logic, and prototype ideas end-to-end without leaning on the data engineers to do it for you.
• Ability to communicate complex security concepts clearly to an engineering audience.

Nice to Have

• Experience with AI/LLM platforms (ChatGPT Enterprise, Copilot, Gemini, Claude, etc.) from a security perspective.
• Familiarity with dbt, Clickhouse, or Databricks.
• Experience working in a product security or security research function at a security vendor.
• Published research, CVEs, conference talks, or bug bounty work demonstrating independent security thinking.

Why Join Us

• Work on one of the most forward-looking problems in enterprise security — SaaS and AI platform risk is largely unsolved and growing fast.
• Have a direct influence on what Obsidian detects and how — your security insight shapes the product roadmap.
• Learn from and contribute to a team that includes some of the people who defined endpoint and identity security.
• Ideas move fast here — you'll go from concept to customer impact in weeks, not quarters.
• Work for a Silicon Valley-headquartered company without leaving Manchester — your security insights will ship into a product protecting some of the world's largest organisations.