
Job Overview
Location
Remote - Canada
Job Type
Full-time
Category
Security Engineer
Date Posted
May 21, 2026
Full Job Description
📋 Description
- Lead active red teaming, penetration testing, and adversarial analysis across Spellbook’s AI-powered legal workflow platform, including Microsoft Word integrations, cloud infrastructure, and LLM-based features.
- Conduct original security research focused on legal AI, LLM security, prompt injection, data leakage, model misuse, and tool abuse in transactional legal environments.
- Partner with R&D and Engineering teams to perform threat modeling and secure design reviews for new products, features, AI workflows, and third-party integrations.
- Own end-to-end management of external vulnerability reports, including bug bounty submissions, responsible disclosure, researcher communication, triage, validation, prioritization, and remediation tracking.
- Coordinate and supervise third-party penetration tests, red team exercises, audits, and other external security assessments to validate platform resilience.
- Support Security Operations during incident response by reproducing exploits, validating impact, assessing exposure scope, and recommending technical remediation.
- Drive the maturity of Spellbook’s security programs by defining and improving repeatable processes for security research, vulnerability management, and red teaming practices.
- Engage with frontier AI labs, external security researchers, vendors, and industry communities to stay current on emerging threats to AI systems and legal technology.
- Publish technical writeups, security advisories, blog posts, or conference talks on AI security research aligned with company priorities and ethical disclosure standards.
- Surface trust boundaries, abuse cases, and data exposure risks early in the product development lifecycle to prevent vulnerabilities before deployment.
- Translate complex security findings into clear technical reports, executive summaries, and remediation guidance for engineers, product managers, and leadership.
- Distinguish between theoretical security risks and practical threats, focusing teams on mitigating the highest-impact vulnerabilities in a fast-moving AI product environment.
- Maintain strict confidentiality and judgment when handling sensitive legal documents, client data, and proprietary AI models under NDA and regulatory obligations.
- Collaborate across departments to embed security-by-design principles into AI training pipelines, document handling workflows, and customer-facing interfaces.
- Ensure alignment with evolving compliance frameworks including SOC 2, GDPR, HIPAA, and emerging AI governance standards relevant to legal data privacy.
- Provide guidance on secure AI product development practices, particularly around LLM inputs/outputs, retrieval-augmented generation, and agent-based contract automation systems.
- Act as a senior individual contributor with broad influence across engineering, product, and operations teams, driving security posture without direct management authority.
- Respond to evolving threat landscapes with urgency, ambiguity, and autonomy, balancing proactive research with reactive incident support.
- Contribute to security awareness and training initiatives within the company to elevate collective understanding of AI-specific risks among non-security teams.
- Maintain hands-on technical proficiency in testing modern web applications, APIs, authentication systems, cloud services, and distributed architectures.
- Develop proof-of-concept exploits or clear technical demonstrations to validate the real-world impact of identified vulnerabilities.
- Advocate for customer-centric security outcomes by prioritizing risk reduction that directly protects legal teams and their confidential client data.
- Represent Spellbook’s security stance in external engagements while upholding the company’s commitment to responsible disclosure and ethical research practices.
🎯 Requirements
- Strong experience in application security, red teaming, penetration testing, vulnerability research, product security, or offensive security.
- Hands-on experience testing modern web applications, APIs, authentication flows, authorization models, cloud services, and distributed systems.
- Experience developing proof-of-concept exploits or clear technical demonstrations to validate security impact.
- Firm grasp of common software security risks, secure design principles, identity and access controls, data protection, and secure development practices.
- Experience partnering with engineering, product, or R&D teams to triage, prioritize, and remediate vulnerabilities end-to-end.
- Excellent written and verbal communication skills, with the ability to write clear technical reports, executive summaries, remediation guidance, and public-facing research.
🏖️ Benefits
- Access to company-paid group benefits for you and your family, including $1,000 towards mental health support.
- Generous time off policies, including a company-wide holiday closure and monthly paid meals.
- Annual wellness allowance to support personal well-being and parental leave top-ups.
- Competitive stock option grants as a pivotal early employee.
About Spellbook Legal Inc.
Spellbook Legal is a legal technology company that leverages artificial intelligence to assist legal professionals. Their core product is an AI-powered drafting tool designed to help lawyers generate, review, and analyze legal documents more efficiently. By integrating with existing legal workflows, Spellbook aims to reduce the time and cost associated with legal work, making legal services more accessible and improving productivity for law firms and in-house legal departments. The company operates within the rapidly growing legal tech industry, focusing on innovation and the application of advanced AI to transform legal practice.