Security Engineer, IrukaDark (Desktop AI Product) & High-Traffic Platform at CORe / IrukaDark
About IrukaDark: https://irukadark.com/
IrukaDark is a desktop AI assistant built for the small but constant tasks that slow down daily PC work.
With a simple shortcut, users can instantly summarize, translate, rewrite, proofread, understand copied text, organize notes, and process information without breaking their workflow.
Unlike long-running autonomous AI agents, IrukaDark is designed as a “Super-Sub AI”: fast, lightweight, always close to the user, and focused on helping people think, read, write, and work faster in the moment.
As IrukaDark expands globally, we are building a secure and scalable AI product that can support hundreds of millions of monthly requests, events, and user interactions. Security, privacy, reliability, and operational excellence are core parts of the product.
We are looking for a security engineer who can help us build and operate a trustworthy AI product at global scale.
About the Role
We are looking for a hands-on security engineer who can work across product security, application security, cloud security, AI security, privacy, and high-traffic operations.
This role is not limited to writing security policies or reviewing checklists. You will help design, review, and improve the systems that protect user data, AI workflows, APIs, infrastructure, logs, authentication, and real-time product operations.
You will work closely with the engineering and product teams to build security into the product while keeping the user experience fast and smooth.
This is intended for those who have experience using IrukaDark as a user. Without the user's perspective, it is impossible to develop excellent UX.
Responsibilities
・Review the security architecture of the IrukaDark desktop app, backend APIs, and cloud infrastructure
・Design security systems that can support hundreds of millions of monthly requests and events
・Identify risks related to local data, clipboard access, screen context, AI prompts, logs, API calls, and external integrations
・Improve authentication, authorization, session handling, API security, and abuse prevention
・Support secure integration with AI APIs and external services
・Design safe data handling policies for sensitive user information
・Improve secrets management, key handling, and secure configuration
・Build and improve vulnerability management processes
・Support monitoring, alerting, incident response, and post-incident reviews
・Review dependencies, supply chain risks, and deployment pipelines
・Conduct application security reviews, threat modeling, and security testing
・Prepare security documentation for enterprise customers
・Support SOC2 readiness and other security compliance initiatives
・Work with engineers to fix security issues without slowing down product development
Requirements
・Experience in security engineering, product security, application security, cloud security, or infrastructure security
・Experience securing production systems with meaningful traffic
・Understanding of web application security, API security, and cloud security
・Ability to review code, architecture, data flows, and system design from a security perspective
・Understanding of authentication, authorization, encryption, secrets management, logging, and monitoring
・Familiarity with common security risks such as data leakage, injection, insecure access control, misconfiguration, dependency vulnerabilities, and abuse patterns
・Ability to prioritize security risks based on real business and product impact
・Strong communication skills with both engineers and non-security stakeholders
・Interest in AI products, desktop applications, and privacy-focused product design
・Comfortable working remotely and independently
Nice to Have
・Experience operating or securing systems with hundreds of millions of monthly requests, events, or user interactions
・Experience with AWS, GCP, Azure, Cloudflare, Kubernetes, Docker, or serverless environments
・Experience with WAF, DDoS protection, rate limiting, bot protection, and abuse prevention
・Experience securing desktop applications for macOS or Windows
・Experience with Electron, Tauri, TypeScript, JavaScript, Python, or backend API systems
・Experience with LLM security, prompt injection, data leakage prevention, or AI safety reviews
・Experience with SOC2, ISO 27001, GDPR, or enterprise security reviews
・Experience with penetration testing, vulnerability assessment, or security automation
・Experience building security processes for SaaS or AI products
・Experience writing security documentation for enterprise customers
Security Areas
This role may cover:
・Product security
・Application security
・Cloud security
・API security
・Desktop app security
・AI API and LLM security
・Data privacy and data handling
・Authentication and authorization
・Secrets management
・Abuse prevention and rate limiting
・DDoS protection and WAF configuration
・Dependency and supply chain security
・Logging, monitoring, and incident response
・SOC2 readiness
・Enterprise security documentation
Why Join Us
・Work on a global AI product with real security and scalability challenges
・Help build systems designed to support hundreds of millions of monthly requests and events
・Protect a product that handles user context, AI workflows, and sensitive information
・Work closely with engineering and product teams
・Build security into the product experience, not just the backend
・Support enterprise readiness and global expansion
・Flexible remote work
・Opportunity to grow into a Product Security Lead, Security Architect, or Head of Security role as the product scales