Application Security Lead

Hightouch is an Agentic Marketing Platform powered by the industry-leading Composable CDP. With complete brand context, customer data, and performance history in one place, every marketer finally has the power to build and ship end-to-end campaigns themselves. Teams move faster, stay on brand, and get AI marketing that actually works.

Founded in 2019 and headquartered in San Francisco, Hightouch enables marketing teams to analyze performance, brainstorm ideas, and generate creative at a speed and quality that wasn't previously possible.

Named a Leader in the 2026 Gartner® Magic Quadrant™ for Customer Data Platforms, Hightouch is trusted by leading enterprises like Domino's, Spotify, Aritzia, Cars.com, Ramp, and PetSmart.

At Hightouch, our mission is to help our customers leverage data and AI to grow their businesses. The team is ambitious, impact-driven, efficient — and we believe humility, kindness, and compassion are essential to our success. If you're energized by velocity, obsessed with raising the bar, and want to build alongside people who care deeply about each other and our customers, we'd love to meet you.

This is our first dedicated security hire, and it's a rare chance to define the function from the ground up. You'll own Hightouch's application security posture end-to-end. We have strong engineering fundamentals and a solid foundation; now you'll shape what security looks like here as we scale from 70 to 140+ engineers.

This is a hands-on, high-autonomy role. You'll spend most of your time in the codebase, not in meetings. You’ll be solving hard problems at the intersection of security and distributed systems:

• Multi-tenant isolation on a system running ~1M data syncs per day and ingesting 100K+ events/sec
• Sub-tenant access control - for multi-team and multi-brand use cases, requiring differentiated access to configuration and data
• Security architecture - Build and refine our frameworks for compute isolation and perform threat modeling and hardening of new products
• Internet-facing APIs - Our high-throughput, internet-facing architecture services customer data at scale. You’ll improve our rate limiting, abuse detection, and granularity of access control
• Multi-Region and Multi-Cloud - Supporting our multi-region and multi-cloud backend, including extending it to launch Hightouch on in new regions to support data residency requirements of our global customer base

You'll own your roadmap. We're not looking for someone to run a checklist — we're looking for someone who can look at our architecture, identify the highest-leverage problems, and go fix them.

You’ve been an early security hire at a SaaS company before and moved the needle on how they approach security. You can read application code, threat model a distributed system, and ship production fixes. You have significant distributed systems expertise so that you can understand and influence what is being built by the product teams and influence from a place of trust.

Experience that's relevant:

• Being an early security hire (first 1-3) at a SaaS or data infrastructure company
• Securing multi-tenant platforms: tenant isolation, authorization models, etc
• Cloud security on systems that span more than one cloud and operate against customer-owned accounts
• Design and build of data infrastructure as an early engineer, not just a user. You helped secure it from early design or during major redesigns. You understand how it scales and how it’s secured
• Privacy-adjacent security (PII handling, data residency, GDPR/CCPA technical controls)

We don't care about certifications. We care about what you've built.

Hightouch participates in E-Verify. After you join the team, we'll verify your eligibility to work in the U.S. by submitting information from your Form I-9 to the Social Security Administration and, if needed, the Department of Homeland Security. This process happens post-hire only — we never use E-Verify to pre-screen applicants.

E-Verify Notice
E-Verify Notice (Spanish)
Right to Work Notice
Right to Work Notice (Spanish)