Senior Security Engineer, Application Security

About 1Password

At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work.

If you're excited about contributing to the digital safety of millions, working alongside curious, driven individuals, and solving hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

The Role: Senior Security Engineer, Application Security

We are excited to welcome a Senior Engineer to join our Application Security team at 1Password. Application Security enables 1Password to build and deliver secure products with confidence. We’re responsible for the Security Engineering around Product Development - things like Static and Dynamic Application Security Testing, Pentesting, Security AI Tooling, our Bug Bounty Program, Vulnerability Management, and more.

As part of the Application Security team, this Senior Security Engineer, Application Security will primarily focus on building and maturing our Vulnerability Management Program, whose mission is to continuously identify, assess, prioritize, and drive remediation of security vulnerabilities across our products, platforms, and infrastructure — ensuring that 1Password maintains the highest standards of trust and safety for our users.

As part of this program, the Senior Security Engineer, Application Security will:

• Design, build, integrate and scale new security solutions to power our vulnerability management program.
• Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources.
• Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program, tailored to different audiences (technical, non-technical, compliance, senior leadership, etc.)
• Conduct detailed analysis used to inform security development teams to eliminate classes of vulnerabilities.
• Partner with product and development teams to improve vulnerability triage workflows, validate findings, and come up with remediation strategies consistent with good user experiences.
• Contribute to the design of risk-scoring and SLA models that align with business priorities.
• Mentor other engineers and help shape the evolution of our vulnerability management strategy.

This is a remote opportunity within Canada and the US.

What We're Looking For

• You have 5+ years of career experience in IT or Engineering with a security focus.
• You have a passion for and strong experience with any of: bug bounty programs, vulnerability research, validation, remediation or pentesting.
• You have experience with internal tool development and engineering enablement.
• You have a strong foundational understanding of software development principles, and are comfortable reading and writing code.
• You work well in a team environment with positive communications amongst a variety of technical and non-technical stakeholders.
• You are comfortable owning and setting technical direction for small to medium sized initiatives.
• You’re adaptable and resilient, thriving in fast-paced environments with shifting priorities.

Bonus Points For

• Experience with Rust and/or Golang, or a demonstrated ability to pick up new languages quickly.
• Experience with popular compliance standards and certifications (e.g. SOC2, ISO, PCI).
• Experience building or maintaining vulnerability management programs in medium to large sized organizations.

Key skills/competency

• Application Security
• Vulnerability Management
• Bug Bounty Programs
• Penetration Testing
• Security Engineering
• Software Development Principles
• Risk Scoring
• SLA Models
• Internal Tool Development
• Remediation Strategies