Senior Product Security Engineer

Summary

Join HackerOne's new Product Security team as one of the first two members and play a key role in shaping the future of security within the engineering organization. As a Product Security Engineer, you will lead initiatives to strengthen defenses and ensure product resilience against evolving threats. You will work cross-functionally, advocating for security best practices and earning stakeholder buy-in. This role involves owning security features, leading initiatives, mentoring engineers, and systematically improving security weaknesses. The position is primarily remote with occasional in-person requirements in London, UK, and surrounding areas. HackerOne offers a competitive salary, equity, and a comprehensive benefits package.

Requirements

• 5+ years of experience in Product Security, securing applications, infrastructure, and cloud environments
• Technical leadership, with the ability to earn trust and drive security initiatives through expertise and collaboration
• Proficiency in InfoSec Best Practices and experience implementing security controls across software and infrastructure
• Hands-on experience with Ruby/Ruby on Rails and JavaScript/TypeScript
• Experience with CI/CD tools such as GitLab CI/CD, GitHub Actions, or Jenkins
• Strong understanding of PostgreSQL

Responsibilities

• Own security-related features, ensure alignment with engineering goals, and clearly document key decisions
• Lead security initiatives, influencing best practices and fostering a culture of security awareness across engineering teams
• Advocate for a pragmatic approach to security, balancing business needs with risk mitigation strategies
• Mentor and support engineers, sharing knowledge on security best practices, threat modeling, and secure coding principles

Preferred Qualifications

• Experience with GraphQL + React security considerations
• Familiarity with security monitoring tools like Sentry and Datadog
• Knowledge of Terraform and Infrastructure as Code (IaC) security best practices
• Expertise in containerization & cloud security, including securing Kubernetes and cloud-native environments
• Experience working with cloud and on-prem platforms (Azure, AWS, GCP, VMWare, Kubernetes) and implementing security controls

Benefits

• Health (medical, vision, dental), life, and disability insurance
• Equity stock options
• Retirement plans
• Paid public holidays and unlimited PTO
• Paid maternity and parental leave
• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)
• Employee Assistance Program
• Flexible Work Stipend
• Remote work, flexible hours