Senior Security Engineer, Vulnerability Management

1Password is growing. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing.

At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work.

If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

We are excited to welcome a Senior Engineer to join our new Vulnerability Management team at 1Password. Vulnerability Management helps enable 1Password to build and deliver secure products with confidence. We own the end-to-end vulnerability lifecycle including our centralized platform, from identification to remediation and reporting. This includes our bug bounty program, pentesting, supply chain management, and more.

As part of the Vulnerability Management team, this Senior Engineer will focus on rapidly maturing and scaling our vulnerability management program with new agentic AI tooling and workflows, while implementing new vulnerability identification and remediation strategies across our products, platforms, and infrastructure — ensuring that 1Password maintains the highest standards of trust and safety for our users.

As part of this program, the Senior Security Engineer will:

• Design, build, integrate and scale new security solutions to power our vulnerability management program.

• Develop and maintain tools that correlate, enrich, and prioritize security vulnerability findings from multiple data sources.

• Develop and maintain comprehensive dashboards and reporting metrics around our vulnerability management program, tailored to different audiences (technical, non-technical, compliance, senior leadership, etc.)

• Conduct detailed analysis used to inform security development teams to eliminate classes of vulnerabilities.

• Partner with product and development teams to improve vulnerability triage workflows, validate findings, and come up with remediation strategies consistent with good user experiences.

• Contribute to the design of risk-scoring and SLA models that align with business priorities.

• Evaluate, build, and pilot AI-powered tools and workflows that improve the efficiency and effectiveness of vulnerability detection and remediation.

• Mentor other engineers and help shape the evolution of our vulnerability management strategy.

This is a remote opportunity within Canada and the US.

• You have 5+ years of career experience in IT or Engineering with a security focus

• You have a passion for and strong experience with any of: bug bounty programs, vulnerability research, validation, remediation or pentesting

• You have experience leveraging AI/ML capabilities to accelerate security workflows, automate repetitive tasks, or enhance detection and remediation efforts

• You have experience with internal tool development and engineering enablement

• You have a strong foundational understanding of software development principles, and are comfortable reading and writing code

• You work well in a team environment with positive communications amongst a variety of technical and non-technical stakeholders

• You are comfortable owning and setting technical direction for small to medium sized initiatives

• You’re adaptable and resilient, thriving in fast-paced environments with shifting priorities

• Experience with Rust and/or Golang, or a demonstrated ability to pick up new languages quickly.

• Experience with popular compliance standards and certifications (e.g. SOC2, ISO, PCI)

• Experience building or maintaining vulnerability management programs in medium to large sized organizations

• Familiarity with Software Bill of Materials (SBOMs) and their application in vulnerability management and software supply chain risk

USA-based roles only: The annual base salary for this role is between $153,000 USD and $214,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

Canada-based roles only: The annual base salary for this role is between $144,000 CAD and $202,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.

This posting is for an existing vacancy.

1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.

Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at nextbit@agilebits.com and we’ll work to meet your needs.

Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this, your talent partner would be happy to address them with you.

Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law.

1Password uses artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications and improve our recruitment process. See here for the latest third party bias audit information. If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form. For additional information see our Candidate Privacy Notice.