Senior Product Security Engineer

HackerOne is the global leader in human-powered security, harnessing the creativity of the world’s largest community of security researchers with cutting-edge AI to protect your digital assets. The HackerOne Platform combines the expertise of our elite community and the most up-to-date vulnerability database to pinpoint critical security flaws across your attack surface. Our integrated solutions, including bug bounty, pentesting, code security audits, spot checks, and AI red teaming, ensure continuous vulnerability discovery and management throughout the software development lifecycle. Trusted by industry leaders such as Coinbase, General Motors, GitHub, Goldman Sachs, Hyatt, PayPal, and the U.S. Department of Defense, HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

Join the HackerOne family to champion a safer internet! As a Product Security Engineer, you’ll be at the core of our security efforts, leading initiatives that strengthen our defenses and ensuring our products remain resilient against evolving threats.

We’re building a brand-new Product Security team at HackerOne. As one of the first two members, you’ll play a key role in shaping the future of security within our engineering organization. We’ve already brought on an internal hire, and now we’re looking for an external expert to join forces and establish a strong foundation.

We’re a team that values continuous learning and a security-first mindset. We collaborate to strengthen our defenses and drive engineering excellence. Our key partners include the Product Engineering, Security, Data, Compliance, and IT teams.

In this role, you’ll work cross-functionally within your squad and across the company, advocating for security best practices and earning stakeholder buy-in with a service-driven approach. You’ll take ownership, identify risks, lead new initiatives, and systematically improve security weaknesses in your squad’s codebase—helping to define and grow this new team from the ground up.

At HackerOne, we embrace a Flexible Work approach, enabling our team members to work remotely while maintaining productivity and collaboration. We are seeking candidates located in London, UK, and the surrounding metropolitan areas, to facilitate occasional in-person interactions as needed. While the position is primarily remote, there will be periodic in-person requirements to support team collaboration and foster stronger connections. This approach ensures flexibility while providing opportunities to build meaningful in-person relationships that strengthen our team and company culture.

• In your first week, you'll get your bearings, familiarize yourself with our processes, and make your first code contribution.

• After three months, your technical prowess will be recognized, you'll have built trust within the Core Engineering team, and you'll be sharing your insights at our knowledge-sharing events.

• Own security-related features, ensure alignment with engineering goals, and clearly document key decisions.

• Lead security initiatives, influencing best practices and fostering a culture of security awareness across engineering teams.

• Advocate for a pragmatic approach to security, balancing business needs with risk mitigation strategies.

• Mentor and support engineers, sharing knowledge on security best practices, threat modeling, and secure coding principles.

• 5+ years of experience in Product Security, securing applications, infrastructure, and cloud environments.

• Technical leadership, with the ability to earn trust and drive security initiatives through expertise and collaboration.

• Proficiency in InfoSec Best Practices and experience implementing security controls across software and infrastructure.

• Hands-on experience with Ruby/Ruby on Rails and JavaScript/TypeScript

• Experience with CI/CD tools such as GitLab CI/CD, GitHub Actions, or Jenkins. 

• Strong understanding of PostgreSQL

• Experience with GraphQL + React security considerations.

• Familiarity with security monitoring tools like Sentry and Datadog

• Knowledge of Terraform and Infrastructure as Code (IaC) security best practices.

• Expertise in containerization & cloud security, including securing Kubernetes and cloud-native environments.

• Experience working with cloud and on-prem platforms (Azure, AWS, GCP, VMWare, Kubernetes) and implementing security controls.

Compensation Bands:

London, UK

£88K – £105K • Offers Equity

#LI-Remote

#LI-HM1

Job Benefits:

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• Flexible Work Stipend

*Eligibility may differ by country

We are a Circle Back Initiative Employer and commit to responding to every applicant.

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

HackerOne Values

HackerOne commits to maintaining a strong, inclusive culture built for our employees and our community of hackers. We are driven by our five core values. We recognize that our mission is bigger than us, and therefore act with integrity at all times. As a team, we believe that transparency builds trust so we default to disclosure in our communications. Each individual executes with excellence, creating an environment of greater alignment and greater autonomy. We win as a team and respect all people to empower everyone to learn from each other, innovate, and grow.