Jobs · himalayas
Security Engineer
Keystone AI · United States · Posted 25d ago
About the role
Lead security review cycles and manage pentest programs for Keystone AI's digital trust services.
About Keystone AI Keystone AI (soon to be Youtrust) is a European Digital Trust provider, fully compliant with eIDAS and the highest European standards. Our three modules – electronic signatures, identity and document verification, and e-seals – can be used independently or combined within sector-specific workflows, ensuring simple, secure and legally compliant processes for SMEs and mid-sized companies. Hosted and processed entirely in Europe, we guarantee sovereignty, transparency and reliability. As a certified B-Corp, we combine innovation with responsibility – building trust at the heart of every digital exchange. We are entering a key moment as we expand from eSignature to the full Digital Trust chain. Your Role As a Security Engineer at Keystone AI , you are the embedded security partner for the entire company, with Product as your primary internal client. You lead Keystone AI 's security review cycle end-to-end on prioritized initiatives: from understanding the context of a new feature or project, to issuing your requirements and guidance, supporting implementation, and unblocking through risk management when needed. You own and operate the pentest and BugBounty programs and ensure consistent, pragmatic security coverage across all team initiatives, from Engineering and Product to cross-functional projects company-wide. You also step into the topics that make Keystone AI a Digital Trust provider: the security of our Trusted Zone, our fraud detection and prevention efforts, and our regulatory compliance (eIDAS, NIS2, ISO 27001). You won't own every one of these, but you contribute wherever the team needs you — your specialization defines where you spend most of your time, not a silo you stay inside. Your Responsibilities Lead the end-to-end security review cycle for all product features: context intake, Decision Records, implementation support, and risk-based unblocking. Own and operate Keystone AI 's BugBounty program: triage reports, drive remediation, and manage reward decisions. Identify, prioritise, and track remediation of vulnerabilities across Keystone AI 's product and infrastructure perimeter. Contribute to the security of the Trusted Zone, and to fraud detection and prevention, alongside the Security & Compliance team. Support regulatory compliance (eIDAS, NIS2, ISO 27001): help translate requirements into technical controls, and contribute to audits and remediation when needed. Extend security expertise beyond Product to all company initiatives: assess risks, issue guidance, and maintain a consistent security posture company-wide. Take part in the team's weekly on-call ("doctor") rotation, and build automation (n8n, AI tooling, alerting) to reduce manual toil. Raise the security bar across Engineering and beyond: share knowledge, coach teams on secure-by-design practices, and build security awareness. Your Profile You have deep, hands-on expertise in web application and API security, you know attack and defense mechanisms inside out and can spot a vulnerability in a PR or architecture diagram. You are able to independently run threat modeling sessions, produce clear Decision Records, and translate security risks into actionable requirements for engineering teams. You have experience managing vulnerabilities across a product perimeter: triaging, prioritising, tracking remediation, and knowing when to accept risk versus escalate. You have participated in or run BugBounty programs. You understand triage workflows, reward logic, and how to communicate decisions clearly to researchers. You use AI actively to automate parts of your security work, CVE monitoring, BugBounty triage, report generation, and you think critically about how to integrate AI into existing workflows rather than simply adding tools. You are comfortable working across domains. Your core is product security, but you are happy to contribute to compliance topics (eIDAS, NIS2, ISO 27001), to fraud detection and prevention, and to the security of a Trusted Zone. Prior exposure to a regulated or Digital Trust environment is a strong plus. You are genuinely self-sufficient: you pick up a brief, define the scope, and deliver without hand-holding. You are comfortable in ambiguous, fast-moving environments. You are pragmatic by nature. You do not block for the sake of blocking. You find the right balance between security rigour and business velocity, and you know when to escalate versus when to accept risk. You communicate clearly and simply. You can explain a complex vulnerability to a non-security engineer in two minutes, and you coach without being preachy. You are genuinely curious: you follow threat intel, participate in CTFs, and keep your technical edge sharp because you care about the craft. French at a native or near-native level (C2) is required. English at a professional working level (B2) is required for security research, technical documentation, and communication with international BugBounty researchers. Recruitment Process R1 — TAM Interview with
Read the full posting on himalayas →
FAQ
Is the Security Engineer role at Keystone AI remote?+
This Security Engineer position is listed as remote (United States).
What is the salary for the Security Engineer role at Keystone AI?+
The listing states Estimated 100k-231k USD.
What seniority level is this Security Engineer role?+
This is a senior level position.
How do I apply for the Security Engineer role at Keystone AI?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Keystone AI.