Job Description

**About IrukaDark** : [https://irukadark.com/](https://)
IrukaDark is a desktop AI assistant built for the small but constant tasks
that slow down daily PC work.

With a simple shortcut, users can instantly summarize, translate, rewrite,
proofread, understand copied text, organize notes, and process information
without breaking their workflow.

Unlike long-running autonomous AI agents, IrukaDark is designed as a “Super-
Sub AI”: fast, lightweight, always close to the user, and focused on helping
people think, read, write, and work faster in the moment.

As IrukaDark expands globally, we are building a secure and scalable AI
product that can support hundreds of millions of monthly requests, events, and
user interactions. Security, privacy, reliability, and operational excellence
are core parts of the product.

We are looking for a security engineer who can help us build and operate a
trustworthy AI product at global scale.

**About the Role**
We are looking for a hands-on security engineer who can work across product
security, application security, cloud security, AI security, privacy, and
high-traffic operations.

This role is not limited to writing security policies or reviewing checklists.
You will help design, review, and improve the systems that protect user data,
AI workflows, APIs, infrastructure, logs, authentication, and real-time
product operations.

You will work closely with the engineering and product teams to build security
into the product while keeping the user experience fast and smooth.

This is intended for those who have experience using IrukaDark as a user.
Without the user's perspective, it is impossible to develop excellent UX.

**Responsibilities**
・Review the security architecture of the IrukaDark desktop app, backend APIs,
and cloud infrastructure
・Design security systems that can support hundreds of millions of monthly
requests and events
・Identify risks related to local data, clipboard access, screen context, AI
prompts, logs, API calls, and external integrations
・Improve authentication, authorization, session handling, API security, and
abuse prevention
・Support secure integration with AI APIs and external services
・Design safe data handling policies for sensitive user information
・Improve secrets management, key handling, and secure configuration
・Build and improve vulnerability management processes
・Support monitoring, alerting, incident response, and post-incident reviews
・Review dependencies, supply chain risks, and deployment pipelines
・Conduct application security reviews, threat modeling, and security testing
・Prepare security documentation for enterprise customers
・Support SOC2 readiness and other security compliance initiatives
・Work with engineers to fix security issues without slowing down product
development

**Requirements**
・Experience in security engineering, product security, application security,
cloud security, or infrastructure security
・Experience securing production systems with meaningful traffic
・Understanding of web application security, API security, and cloud security
・Ability to review code, architecture, data flows, and system design from a
security perspective
・Understanding of authentication, authorization, encryption, secrets
management, logging, and monitoring
・Familiarity with common security risks such as data leakage, injection,
insecure access control, misconfiguration, dependency vulnerabilities, and
abuse patterns
・Ability to prioritize security risks based on real business and product
impact
・Strong communication skills with both engineers and non-security stakeholders
・Interest in AI products, desktop applications, and privacy-focused product
design
・Comfortable working remotely and independently

**Nice to Have**
・Experience operating or securing systems with hundreds of millions of monthly
requests, events, or user interactions
・Experience with AWS, GCP, Azure, Cloudflare, Kubernetes, Docker, or
serverless environments
・Experience with WAF, DDoS protection, rate limiting, bot protection, and
abuse prevention
・Experience securing desktop applications for macOS or Windows
・Experience with Electron, Tauri, TypeScript, JavaScript, Python, or backend
API systems
・Experience with LLM security, prompt injection, data leakage prevention, or
AI safety reviews
・Experience with SOC2, ISO 27001, GDPR, or enterprise security reviews
・Experience with penetration testing, vulnerability assessment, or security
automation
・Experience building security processes for SaaS or AI products
・Experience writing security documentation for enterprise customers

**Security Areas**
This role may cover:

・Product security
・Application security
・Cloud security
・API security
・Desktop app security
・AI API and LLM security
・Data privacy and data handling
・Authentication and authorization
・Secrets management
・Abuse prevention and rate limiting
・DDoS protection and WAF configuration
・Dependency and supply chain security
・Logging, monitoring, and incident response
・SOC2 readiness
・Enterprise security documentation

**Why Join Us**
・Work on a global AI product with real security and scalability challenges
・Help build systems designed to support hundreds of millions of monthly
requests and events
・Protect a product that handles user context, AI workflows, and sensitive
information
・Work closely with engineering and product teams
・Build security into the product experience, not just the backend
・Support enterprise readiness and global expansion
・Flexible remote work
・Opportunity to grow into a Product Security Lead, Security Architect, or Head
of Security role as the product scales