What are the responsibilities and job description for the AI Security Engineer position at Obsidian Security?
Obsidian Security is the leading SaaS security platform, trusted by global enterprises like Snowflake, T-Mobile, and Algolia. We protect 200 organizations across North America, Europe, the Middle East, Southeast Asia, Australia, and New Zealand, including many of the world’s largest Fortune 1000 and Global 2000 companies.
Founded in 2017 and backed by top investors like Greylock, Obsidian was built to close a critical gap: securing SaaS apps where business happens—Microsoft 365, Salesforce, and hundreds more. The company does this by offering a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, they’re transforming how SaaS is secured.
With AI driving rapid SaaS growth and complexity, agentic AI tools gain privileged access to sensitive data through integrations, creating new risks most security tools miss. Obsidian uniquely detects anomalous OAuth token activity and manages integration risks. Major announcements are on the horizon. Recognizing that SaaS security needs to evolve, Obsidian enables growing organizations to start with a lightweight, prevention-focused browser extension and expand coverage over time.
With global momentum, a growing partner ecosystem including SentinelOne, Databricks, and Google Cloud, and a major fundraise ahead, Obsidian is scaling rapidly toward long-term growth and IPO readiness.
About The Role
AI is the fastest-moving attack surface in the enterprise. Copilot, ChatGPT Enterprise, Gemini, Claude, and a wave of agentic tools are being wired into corporate SaaS faster than security teams can keep up — with broad OAuth scopes, opaque data flows, and non-human identities acting on behalf of employees. Obsidian sits directly in the path of this shift.
As an AI Security Engineer, you'll define how Obsidian understands, identifies, and mitigates risk in AI and agentic platforms. You'll own the threat models and data modeling that protect customers — and you'll work in the data yourself, because in this space the security judgment and the query are inseparable.
What You'll Do
Base Salary Range: £155,000 GBP - £180,000 GBP
Founded in 2017 and backed by top investors like Greylock, Obsidian was built to close a critical gap: securing SaaS apps where business happens—Microsoft 365, Salesforce, and hundreds more. The company does this by offering a complete SaaS security platform to reduce risk, detect and respond to threats, and prevent breaches at the source. Obsidian was built by leaders who redefined endpoint and identity security at CrowdStrike, Okta, Cylance, and Carbon Black. Now, they’re transforming how SaaS is secured.
With AI driving rapid SaaS growth and complexity, agentic AI tools gain privileged access to sensitive data through integrations, creating new risks most security tools miss. Obsidian uniquely detects anomalous OAuth token activity and manages integration risks. Major announcements are on the horizon. Recognizing that SaaS security needs to evolve, Obsidian enables growing organizations to start with a lightweight, prevention-focused browser extension and expand coverage over time.
With global momentum, a growing partner ecosystem including SentinelOne, Databricks, and Google Cloud, and a major fundraise ahead, Obsidian is scaling rapidly toward long-term growth and IPO readiness.
About The Role
AI is the fastest-moving attack surface in the enterprise. Copilot, ChatGPT Enterprise, Gemini, Claude, and a wave of agentic tools are being wired into corporate SaaS faster than security teams can keep up — with broad OAuth scopes, opaque data flows, and non-human identities acting on behalf of employees. Obsidian sits directly in the path of this shift.
As an AI Security Engineer, you'll define how Obsidian understands, identifies, and mitigates risk in AI and agentic platforms. You'll own the threat models and data modeling that protect customers — and you'll work in the data yourself, because in this space the security judgment and the query are inseparable.
What You'll Do
- Develop deep expertise in how AI platforms (ChatGPT Enterprise, Copilot, Gemini, Claude, Glean, agentic frameworks) authenticate, what scopes they request, and where risk concentrates.
- Research emerging AI attack techniques — prompt injection, tool/agent misuse, RAG poisoning, over-permissioned integrations — and turn them into detections and posture checks.
- Build threat models covering identity, data access, non-human identities, and integration risk.
- Prototype and ship product features end-to-end against Obsidian's AI and SaaS telemetry.
- Build and improve data pipelines for high efficiency, development velocity, and low cost.
- 3 years in security engineering as a builder, with clear ownership of shipped work.
- Strong grasp of identity and access control concepts
- Hands-on experience with a modern data stack (DBT and a columnar warehouse or query engine such as ClickHouse, Snowflake, BigQuery, or Databricks).
- Clear communicator across engineers, PMs, and customer security teams.
- Strong grasp of how SaaS platforms (Google Workspace, Microsoft 365, Salesforce, Okta) expose data — APIs, event schemas, permissions, auth flows.
- Deep knowledge of AI and SaaS security — OWASP LLM Top 10, MITRE ATLAS, prompt injection, agent/tool-use risks, OAuth abuse, and identity models across major AI and SaaS platforms.
Base Salary Range: £155,000 GBP - £180,000 GBP
Salary : $155,000