Senior Security Engineer, Threat Intelligence

Senior Security Engineer, Threat Intelligence at 1Password

1Password is experiencing unprecedented growth, surpassing $400M in ARR and consistently earning a spot on the Forbes Cloud 100. As a leading brand in cybersecurity, 1Password is dedicated to building a safe, productive digital future by enabling secure identity, application sign-in, and trusted device access for over 180,000 businesses globally. We pioneered Extended Access Management, focusing on human-centric security solutions in a fast-paced, dynamic environment. Join us to contribute to the digital safety of millions and help shape a simpler, safer digital future.

As a Senior Security Engineer, Threat Intelligence on the Detection & Response team, you will focus on deeply understanding adversary behavior, misuse scenarios, and real-world threats. Your role involves translating this intelligence into practical, operational outcomes, ensuring the team is well-informed, prepared, and capable of acting on critical threats. This position directly strengthens how 1Password detects, responds to, and validates its defenses. This hands-on role emphasizes tactical intelligence, operational relevance, and strong cross-functional collaboration with Detection Engineering, Incident Response, and other security teams to embed timely, actionable intelligence into daily security operations. This role reports to the Manager of Detection & Response.

What To Expect

• Research, track, and assess the threat landscape by analyzing relevant threat actors, campaigns, and behaviors affecting 1Password’s attack surface, identity systems, brand, third-party ecosystem, and insider risk scenarios.
• Analyze and prioritize information to develop actionable intelligence that informs detection coverage, hunting activities, and response readiness.
• Partner with Detection Engineering to design and validate threat-based detections, including through adversary emulation, simulation, or controlled testing.
• Use automation and scripting to improve how threat intelligence is collected, enriched, distributed, and actioned across Security workflows.
• Curate and deliver threat intelligence reporting for both technical teams and executive stakeholders, helping inform prioritization, investment decisions, and security strategy.
• Build and maintain repeatable threat intelligence processes, workflows, and documentation that scale with the Detection & Response program.
• Participate directly in security operations by triaging alerts, supporting investigations, managing incidents, and contributing to post-incident learning.

Who You Are

• Operationally minded, with a strong instinct for turning intelligence into concrete security outcomes.
• Comfortable working across the full lifecycle of security events, from alert triage to incident coordination and learning.
• Able to think like an adversary while remaining grounded in defensive priorities and business risk.
• A clear, calm communicator who can distill complex threat scenarios for engineers and senior leaders alike.
• Collaborative, curious, and motivated by improving security through learning, validation, and iteration.

What We're Looking For

• 5+ years of experience in technical security engineering roles, with 3+ years focused on threat intelligence.
• Strong understanding of modern attacker TTPs, including cloud-native, SaaS, identity-focused, and insider-adjacent threat patterns.
• Experience developing intelligence requirements, prioritization frameworks, analysis workflows, and emulation scenarios.
• Hands-on experience with scripting or automation (e.g., Python, APIs, SOAR workflows) to improve operational efficiency and cross-team execution.
• Ability to produce concise, high-quality written intelligence, including executive-level summaries that drive prioritization and strategy.
• Familiarity with security telemetry, logs, and investigative workflows used by detection and response teams.
• Willingness to participate in an on-call rotation and support security incidents during high-severity or off-hours events.

1Password offers competitive compensation packages. For USA-based roles, the annual base salary ranges from $156,000 USD to $210,000 USD, plus benefits, paid time off, and an equity grant. For Canada-based roles, the annual base salary ranges from $143,000 CAD to $193,000 CAD, plus benefits, paid time off, and an equity grant. Compensation is assessed based on fair market value, internal equity, experience, and specific skill set.

Our Culture

At 1Password, we prioritize collaboration, clear communication, feedback, and core values: keep it simple, lead with honesty, and put people first. We seek individuals who challenge the status quo, are eager to experiment, and thrive in a fast-paced environment. We value proven expertise, adaptability, curiosity, and a drive to deliver results.

How We Work With AI

We are committed to leveraging AI to achieve our mission, actively learning best practices and identifying opportunities for innovation. Embracing AI is essential to our success. Candidates are welcome to use AI tools responsibly during the application process. We use AI/ML for initial application screening, with an opt-out option available.

Our Approach to Remote Work

1Password is a remote-first company, founded remotely in 2005. This role supports remote work from your home country (USA or Canada). Travel for in-person engagement, such as annual offsites, team meetings, and customer events, is an expected part of the role.

What We Offer

We believe in rewarding hard work with comprehensive benefits, including:

• 👶 Maternity and parental leave top-up programs
• 🩺 Competitive health benefits
• 🏝 Generous PTO policy
• 📈 RSU program for most employees
• 💸 Retirement matching program
• 🔑 Free 1Password account
• 🤝 Paid volunteer days
• 🏆 Peer-to-peer recognition through Bonusly
• 🌎 Remote-first work environment

1Password is an equal opportunity employer, committed to fostering an inclusive, diverse, and equitable workplace. Accommodation is available upon request during the recruitment process.

Key skills/competency

• Threat Intelligence
• Adversary Emulation
• Detection Engineering
• Incident Response
• Security Operations
• Threat Hunting
• Python Scripting
• API Automation
• Risk Assessment
• Security Strategy