Senior Security Engineer, Application Security

About 1Password

1Password is experiencing unprecedented growth, having surpassed $400M in ARR and earning a spot on the Forbes Cloud 100 for four consecutive years. We are a market leader in enterprise password management and pioneers of Extended Access Management (EAM), a new cybersecurity category designed for modern work environments. Our human-centric approach to security has earned us the trust of over 180,000 businesses, including Fortune 100 companies and innovative AI firms, helping them securely leverage SaaS and AI tools.

If you are passionate about contributing to digital safety, working with a driven team, and solving complex problems in a fast-paced environment, we encourage you to apply. Join us in shaping a safer, simpler digital future.

About the Application Security Team

We are seeking a Senior Engineer to join our Application Security team. This team is crucial for enabling 1Password to build and deliver secure products with confidence. Our responsibilities encompass Security Engineering around product development, including Static and Dynamic Application Security Testing (SAST/DAST), Pentesting, Security AI Tooling, our Bug Bounty Program, and Vulnerability Management.

Key Responsibilities

As a Senior Security Engineer, Application Security, your primary focus will be on building and maturing our Vulnerability Management Program. This program aims to continuously identify, assess, prioritize, and drive remediation of security vulnerabilities across our products, platforms, and infrastructure, ensuring the highest standards of trust and safety for our users.

• Design, build, integrate, and scale new security solutions to power our vulnerability management program.
• Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources.
• Develop and maintain comprehensive dashboards and reporting metrics tailored for various audiences (technical, non-technical, compliance, senior leadership).
• Conduct detailed analysis to inform security development teams, helping eliminate classes of vulnerabilities.
• Partner with product and development teams to improve vulnerability triage workflows, validate findings, and strategize remediation consistent with positive user experiences.
• Contribute to the design of risk-scoring and SLA models aligned with business priorities.
• Mentor other engineers and help shape the evolution of our vulnerability management strategy.

What We're Looking For

• You have 5+ years of career experience in IT or Engineering with a security focus.
• You possess a strong passion for and experience with bug bounty programs, vulnerability research, validation, remediation, or pentesting.
• You have experience with internal tool development and engineering enablement.
• You have a strong foundational understanding of software development principles and are comfortable reading and writing code.
• You work effectively in a team environment with positive communication among diverse technical and non-technical stakeholders.
• You are comfortable owning and setting technical direction for small to medium-sized initiatives.
• You are adaptable and resilient, thriving in fast-paced environments with shifting priorities.

Bonus Points For

• Experience with Rust and/or Golang, or a demonstrated ability to learn new languages quickly.
• Experience with popular compliance standards and certifications (e.g., SOC2, ISO, PCI).
• Experience building or maintaining vulnerability management programs in medium to large organizations.

Compensation

This is a remote opportunity within Canada and the US. For USA-based roles, the annual base salary ranges between $156,000 USD and $210,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k, PTO), an equity grant, and incentive programs. For Canada-based roles, the annual base salary ranges between $143,000 CAD and $193,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP, PTO), an equity grant, and incentive programs. 1Password ensures fair market value and internal equity commensurate with experience and skill set.

Our Culture

At 1Password, we prioritize collaboration, transparent communication, receptiveness to feedback, and alignment with our core values: keep it simple, lead with honesty, and put people first. We challenge the status quo, experiment, and iterate to find the best solutions. This is a demanding, fast-paced environment that strives for excellence. We seek individuals keen on tackling challenging problems, seeking feedback for growth, and driven to make an impact. We value proven experts and adaptable individuals who thrive in ambiguity, are curious, and deliver results.

How We Work With AI

We are committed to leveraging cutting-edge technology, including AI, to achieve our mission. We encourage team members at all levels to learn AI best practices, identify application opportunities, and drive innovative solutions daily. Embracing AI is essential to our success. Candidates are welcome to use AI tools responsibly and thoughtfully during the application process.

Our Approach to Remote Work

While we are a remote-first company founded in 2005, we believe in the importance of in-person connection. Travel for in-person engagement is part of almost all roles, including annual department offsites, team meetings, and customer/industry events. Remote work at 1Password means working from your home country (Canada or the US for this role).

What We Offer

We believe in rewarding hard work through our comprehensive benefits:

• Health and Wellbeing: Maternity and parental leave top-up programs, competitive health benefits, generous PTO policy.
• Growth and Future: RSU program for most employees, retirement matching program, free 1Password account.
• Community: Paid volunteer days, peer-to-peer recognition through Bonusly, remote-first work environment.

Key skills/competency

• Vulnerability Management
• Application Security
• Security Engineering
• Bug Bounty Programs
• Pentesting
• Security Tool Development
• Security Automation
• Risk Scoring Models
• Software Development
• Vulnerability Remediation