Product Security Engineer
Founded in 2012, H2O.ai is on a mission to democratize AI. As the world’s leading agentic AI company, H2O.ai converges Generative and Predictive AI to help enterprises and public sector agencies develop purpose-built GenAI applications on their private data. With a focus on Sovereign AI—secure, compliant, and infrastructure-flexible deployments—H2O.ai delivers solutions that align with the highest standards of data privacy and control.
Our open-source technology is trusted by over 20,000 organizations worldwide, including more than half of the Fortune 500. H2O.ai powers AI transformation for companies like AT&T, Commonwealth Bank of Australia, Chipotle, Workday, Progressive Insurance, and NIH.
H2O.ai partners include NVIDIA, Dell Technologies, Deloitte, Ernst & Young (EY), Snowflake, AWS, Google Cloud Platform (GCP), VAST Data and MinIO. H2O.ai’s AI for Good program supports nonprofit groups, foundations, and communities in advancing education, healthcare, and environmental conservation. With a vibrant community of 2 million data scientists worldwide, H2O.ai aims to co-create valuable AI applications for all users.
H2O.ai has raised $256 million from investors, including Commonwealth Bank, NVIDIA, Goldman Sachs, Wells Fargo, Capital One, Nexus Ventures and New York Life.
About This Opportunity
H2O.ai is seeking a Product Security Engineer to join our Cloud Platform team and help scale our vulnerability management and security compliance operations. As H2O.ai serves highly regulated enterprises, including major financial institutions and government agencies, maintaining a robust security posture across our cloud platform is critical to customer success.
You'll operationalize security practices across our containerized platform, manage vulnerability assessments for customer deployments, and ensure compliance with frameworks like FedRAMP, SOC2, and banking regulatory requirements. This role combines security engineering, cross-functional coordination, and customer-facing technical work to enable secure AI deployments at scale.
This is an opportunity to build expertise in enterprise security operations while working with cutting-edge cloud-native technologies and making a direct impact on how Fortune 500 companies and government agencies deploy AI securely.
This position is based in Sri Lanka.
What You Will Do
- Analyze and triage vulnerability scan results from various security tools, investigating findings to understand actual risk and exploitability in context
- Work directly with engineering teams to understand remediation options, evaluate fix approaches, and coordinate timely resolution of security issues
- Route vulnerabilities to component owners and actively track remediation progress, following up to ensure completion within required timeframes
- Support FedRAMP continuous monitoring processes, including monthly POA&M management and compliance reporting
- Engage with customer security teams to address vulnerability findings, reconcile scan results, and support deployment approvals
- Maintain and extend our vulnerability management tooling and automation infrastructure
- Assess risk levels and communicate security findings to technical and non-technical stakeholders
- Support container image security controls and Kubernetes security policies across customer environments
- Contribute to security documentation, runbooks, and compliance artifacts for customer audits
- Participate in security incident response and customer escalations as needed
What We Are Looking For
- 2-4 years of experience in application security, product security, or DevSecOps roles
- Strong understanding of container security, vulnerability management, and CVE assessment
- Ability to analyze vulnerability findings deeply - understanding exploit paths, affected components, and contextual risk
- Hands-on experience with security scanning tools
- Familiarity with Kubernetes security concepts and best practices
- Experience with compliance frameworks (FedRAMP, SOC2, ISO 27001, or banking regulations) preferred
- Scripting and automation skills (Python, Bash, & Go) to maintain security tooling
- Excellent written and verbal communication skills for cross-functional coordination with engineering teams
- Strong follow-through and ability to drive remediation efforts across multiple teams
- Detail-oriented mindset with the ability to manage multiple priorities and deadlines
- Customer-focused approach with the ability to translate technical security findings into business context
- Self-motivated and able to work effectively in a remote-first environment
Why H2O.ai?
- Make an impact – We’re shipping a product that matters, and your work will be front and center.
- Fast learning environment – You’ll be mentored by a Senior Engineer and work with some of the most in-demand tech in the industry.
- Cutting-edge tech stack – Kubernetes, Go, Python, microservices, and real-time data.
- Startup energy + stability – The best of both worlds: the excitement of shipping fast with the stability of an established company.
- Flexible working hours and remote-friendly policies.
Sounds exciting? Let’s talk! We’re looking for smart, curious engineers who are ready to take on the challenge! Apply now and help us shape the future of enterprise AI software.
H2O.ai is committed to creating a diverse and inclusive culture. All qualified applicants will receive consideration for employment without regard to their race, ethnicity, religion, gender, sexual orientation, age, disability status or any other legally protected basis.
H2O.ai is an innovative AI cloud platform company, leading the mission to democratize AI for everyone. Thousands of organizations from all over the world have used our cutting-edge technology across a variety of industries. We’ve made it easy for people at all levels to generate breakthrough solutions to complex business problems and advance the discovery of new ideas and revenue streams. We push the boundaries of what is possible with artificial intelligence.
H2O.ai employs the world’s top Kaggle Grandmasters, the community of best-in-the-world machine learning practitioners and data scientists. A strong AI for Good ethos and responsible AI drive the company’s purpose.
Please visit www.H2O.ai to learn more.