Security Engineer

About HighspotHighspot is pioneering the category that is fundamentally changing the way companies increase sales productivity. On a mission to transform the way millions of people work with sales enablement, Highspot is committed to building breakthrough software with a spark of magic. We believe a great place to work is about more than the work – it’s about what the company stands for, and how it authentically represents its values in the real world. To this end, we have put intentional focus on creating equitable workspaces for each of our employees. Our goal is to create a culture where everyone feels a deep sense of belonging and is empowered to be an agent of change, with the ability to transform themselves, their workplace, and their world.
About the RoleWe’re expanding our world-class global Security team as part of our Trust Program, and we’re looking for versatile, practical Security Engineers to join our rapidly growing Security organization in Seattle or Vancouver, BC. As our engineering presence scales, we’re looking for Security Engineers in North America to ensure deeper coverage, strengthen collaboration with product and infrastructure teams, and uphold the trust of our customers around the world.
In this dynamic and cross-functional role, you’ll gain broad exposure by engaging in diverse projects spanning multiple security domains: application security, infrastructure scanning, security operations, and incident response. Your day-to-day may include securing our product, conducting security validation and vulnerability remediation, managing real-world security incidents, and building out our detection and response capabilities through automation, curiosity, and hands-on engineering.
You’ll work closely with IT, Product Engineering, and Infrastructure teams as part of our global Security team. In your first 3–6 months, you’ll collaborate deeply with existing team members across the US and India, with strong support and guided onboarding, building toward increased independence while contributing to a globally distributed, inclusive, and high-trust team culture.

What You'll Do

• Contribute to application security assessments, threat modeling, and secure code reviews across product features, internal tools, endpoints, and third-party integrations.
• Partner directly with product engineering to implement secure-by-default and privacy-by-design best practices within our software development lifecycle (SDLC).
• Actively participate in, investigate, and respond to security incidents, including detection, triage, containment, and root cause analysis.
• Gain experience and mentorship from seasoned security professionals while contributing to a growing, collaborative, and high-impact global security team.
• Build and refine security detection rules, automate response workflows, and optimize alert management across cloud environments, corporate infrastructure, and SaaS ecosystem.
• Contribute to internal security projects, security-centered engineering follow-ups, and respond effectively to vulnerabilities identified by internal teams and external sources.
• Continuously enhance tooling, visibility, and workflows for security across our environments (e.g., Github, DAST/SAST, infrastructure scanners, SIEM/SOAR, etc.)
• Document finding, decisions, and processes clearly, contributing to security playbooks and knowledge bases.
• Respond to security requests via internal channels and contribute to sprint-led initiatives, balancing strategic priorities with day-to-day execution and security operations.
• Participate in on-call rotations to maintain continuous security coverage and promptly respond to incidents, ensuring the security and resilience of our 24x7 platform and global workforce.
• This position reports directly to the Head of Global Security in Seattle, Washington, USA.

Your Background

• 4+ years of progressive experience in one or more of the following domains: security engineering, application security, DevSecOps, detection and response, or adjacent security disciplines with a track record of cross-functional engagement.
• Working knowledge of at least one programming language (Python, Ruby, Go, Rust, JavaScript) and comfortable reading and critically reviewing code in languages you may not have deep proficiency in.
• Familiarity with cloud-native architectures (e.g., AWS, containers, microservices) and an understanding of common cloud security risks and mitigations.
• Hands-on experience with deploying, operating, and interpreting results from security tools such as static analyzers, web vulnerability scanners, supply chain analysis scanners, and host-based intrusion detection systems.
• Understanding of CI/CD environments and ability to integrate security into DevOps workflows. 
• Operational familiarity with incident response, SIEM/SOAR, or security operations/engineering functions. 
• A proactive mindset with strong ownership, a growth-oriented learning approach, and a passion for staying ahead of evolving security challenges and technologies.

Base salary range: $118,000 - $158,000 CAD. Employees are eligible to receive stock options and may also receive other forms of compensation.
The above represents total expected compensation for this role. Actual compensation will depend on various job-related factors, including, but not limited to, location, experience, and job qualifications.
Highspot also offers the following employee benefits for this position:-Comprehensive medical, dental, vision, disability, and life benefits-Group Retirement Savings Plan (RRSP) and matching employer contributions (DPSP) with immediate vesting-Flexible PTO-Generous Holiday Schedule + 5 Days for Annual Holiday Week-Quarterly Recharge Fridays (paid days off for mental health recharge)-Flexible work schedules-Access to Coaches and Therapists through Modern Health-2 Volunteer days per year-Monthly transportation allowance for employees who work in our Vancouver Hub location
#LI-JL1
Equal Opportunity StatementWe are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of any grounds protected by applicable human rights legislation, which may include age, ancestry, citizenship, color, ethnicity, family status, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or invisible disabilities, political belief, race, religion, or sexual orientation.
Did you read the requirements as a checklist and not tick every box? Don't rule yourself out! If this role resonates with you, hit the ‘apply’ button."