Security Engineer Intern, Application Security - Fall 2026

1Password is growing. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing.

At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work.

If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

Our Application Security team at 1Password is an exciting place to be - we’re responsible for product security throughout our SDLC which includes things like building new security tooling to enable developers to build securely, design review, code review, vulnerability management, running our external-facing bug bounty program, and pentesting. We’re looking for someone who’s curious about how things work, with a particular interest in software security or pentesting to help take our vulnerability management and bug bounty programs to the next level!

This is a remote opportunity within Canada or the US. This position will be for 4 months - September to December 2026.

• Validate incoming security findings from the broader research community using code analysis tooling or other industry standard pentesting tooling e.g. burpsuite.

• Work with engineering teams to remediate valid findings in our codebase (product). Respond to security researchers, help with public disclosure.

• Build or improve upon new automated workflows and tooling, leveraging LLMs for vulnerability triage, validation, remediation in any of rust, golang, python, etc.

• Confidence: A willingness to take on new challenges, and see them through to completion.

• Humility: You're not afraid to ask "stupid" questions and make mistakes (as long as you learn from them).

• Curiosity: You look for better ways of doing things, even if everyone seems happy with how they are.

• Teamwork: We work together, and succeed as a team!

• Software development experience in general, bonus points for rust, golang experience

• Previous experience working with any of Bug Bounty, Vulnerability Management or Pentesting programs at a Software Development or Software Security organization

Our Engineering, Product, and Design teams are thoughtfully integrating AI across the full software and product development lifecycle to move faster without sacrificing quality or security. In practice, that looks like engineers using AI-assisted coding tools to accelerate reviews and catch bugs earlier, product managers synthesizing user research at scale, and designers rapidly prototyping and iterating with AI-generated mockups. We approach AI the same way we approach security: with clear principles, human accountability at every consequential decision point, and rigorous evaluation before anything ships to customers.