Senior Product Security Engineer
Employment Information
Report this job
Job expired or something wrong with this job?
Job Description
Senior Product Security Engineer ensuring the security posture of n8n's innovative open-source SaaS platform. Collaborating with engineering teams to embed security across all product areas.
Responsibilities:
- Own and operate n8n’s vulnerability intake and triage process, including the **[email protected]** inbox
- Design, improve, and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths
- Coordinate private fixes for high-severity issues and manage coordinated disclosure timelines
- Create and manage GitHub Security Advisories (GHSA)
- Coordinate bug bounty payouts and researcher communication for validated findings
- Define and operate patch and release processes for security fixes, including customer-specific timelines where required
- Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency scanning, container scanning, SBOMs)
- Own configuration, tuning, and triage workflows for existing tools (currently Aikido)
- Plan and manage third-party penetration tests, including scoping, vendor coordination, and remediation tracking
- Conduct internal security assessments and lightweight red-team or tabletop exercises appropriate to company scale
- Lead coordination of security incidents from detection through resolution
- Drive incident tracking and remediation workflows in Linear
- Author security advisories and contribute to internal and external post-incident reviews
- Communicate clearly, calmly, and empathetically with customers and users during security incidents, in partnership with engineering and leadership
- Define and maintain security policies, standards, and public-facing disclosure documentation
- Manage relationships with security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd)
- Track industry trends, emerging vulnerabilities, and relevant research, proactively applying learnings to n8n’s environment
- Help shape longer-term security strategy and roadmap in collaboration with engineering leadership
- Embed security into the software development lifecycle through threat modeling, design reviews, and pragmatic guardrails
- Advise engineering teams on secure coding practices and common vulnerability patterns
- Produce clear, actionable security documentation for internal engineering audiences
- Partner closely with product and engineering teams across Nodes, AI Core, Cloud, and other areas to ensure security considerations are built in early
Requirements:
- 5+ years of experience in product security, application security, or a closely related role (or equivalent demonstrated impact)
- Hands-on experience with vulnerability management and disclosure workflows
- Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10)
- Experience implementing and operating security tooling (SAST, DAST, dependency and container scanning)
- Familiarity with coordinated vulnerability disclosure and security advisories
- Proven ability to write clear security documentation and communicate with both technical and non-technical audiences
- Experience engaging with security researchers or bug bounty programs**
- Nice-to-haves
- Experience securing SaaS platforms in cloud-native environments
- Familiarity with JavaScript/TypeScript and the Node.js ecosystem
- Experience working in high-growth or open-source-adjacent companies
- Knowledge of DevSecOps practices and CI/CD security integration
- Experience with threat modeling methodologies
- Relevant security certifications (e.g., OSCP, CISSP, CEH)
Benefits:
- Competitive compensation 💸 – We offer fair and attractive pay.
- Ownership 💪 – Our core value is to “empower others,” and we mean it—you’ll get a slice of n8n with equity.
- Work/life balance 🏖️ – We work hard but ensure you have time to recharge:
- Europe: 30 days of vacation, plus public holidays wherever you are.
- US: 15 vacation days, 8 sick days, plus public holidays wherever you are.
- Health & wellness 🩺 –
- Europe: We provide benefits according to local country norms.*
- US: Multiple low-premium, low-deductible medical plans with coverage for individuals and families—plus a no-cost premium HDHP option with a pre-seeded HSA—along with dental and vision coverage.
- Future planning 💰 –
- Europe: We provide pension contributions according to local country norms.*
- US: 401(k) retirement plan with a 4% employer match.
- Financial security 🛡️ –
- Europe: We provide benefits according to local country norms.*
- US: Company-paid short-term and long-term disability insurance, plus life insurance to support you and your loved ones.
- Career growth 📈 – We hire rising stars who grow with us! You’ll get €1K (or equivalent) per year to spend on courses, books, events, or coaching to level up your skills.
- A passionate team 🤩 – We love our product, and we prove it with regular hackathons where we see who can build the coolest thing with it!
- Remote-first 🌏 – Our team works remotely across Europe, with regular off-sites for team bonding. Some roles, like sales in the US, are hybrid—please check the job description.
- Giving back 🤝 – We're big fans of open source, and you'll get $100 per month to support projects you care about.
- AI enablement 🤖 – We believe in working smarter—everyone gets an unlimited AI budget to explore and use the best tools to boost productivity and creativity.
- Transparency 🙏 – We all know what everyone’s working on, how the company is doing—the whole shebang.
- An ambitious but kind culture 😍 – People love working here—our eNPS for 2024 is 94!
Similar Jobs
Security Engineer
Security Engineer responsible for deploying secure infrastructure and SIEM solutions. Collaborating with MSSP clients and teams to enhance security practices.
Chief Information Security Officer
Chief Information Security Officer focusing on governance and risk management in fintech company. Responsible for implementing information security management systems under ISO 27001 standards.
Cybersecurity Governance Analyst
Governance Analyst contributing to Cybersecurity governance at SailPoint. Involve in policy documentation and compliance activities aligned with industry best practices.
Senior Cloud Cyber Security Engineer
Senior Cloud Cyber Security Engineer designing secure cloud architectures and ensuring compliance for Sentara Health. Conducting security assessments and collaborating with cross-functional teams to enhance cloud security.
Senior Manager, Product Security
Senior Manager of Product Security at Amgen developing strategies to counter threats to the global supply chain. Responsible for overseeing security initiatives and collaborating across diverse teams.
Account Executive – Cybersecurity, Risk Assurance
Account Executive managing complex B2B sales for Sensiba’s cybersecurity and risk assurance services. Focusing on ISO/IEC 27001, SOC 1, and SOC 2 engagements with C-suite executives.
Social Security Claims Specialist
Social Security Specialist at Lincoln Financial handling Social Security Disability Insurance claims. Acts as liaison between internal teams, claimants, and legal representation.
Senior Manager, Cloud Security Consultant
Senior Manager in cloud security at PwC focusing on cybersecurity threats. Leading development and implementation of cloud security strategies with advanced technologies.
Adjunct Faculty, Fundamentals of Networking – Cybersecurity
Adjunct Faculty teaching online course Fundamentals of Networking at UMGC. Engaging adult learners and fostering collaboration in a remote setting.
IT Sales Manager – Modern Infrastructure, Cyber Security, Managed Services
IT Sales Manager responsible for driving B2B sales in Modern Infrastructure, Cyber Security, and Managed Services. Collaborating with consulting teams and establishing new markets in Germany.
Head of Compliance – HIPAA and Security
Head of Compliance (HIPAA) leading strategic legal support and data governance for Bask Health. Overseeing compliance frameworks, training, and regulatory adherence in a remote setup.
Security Engineer
Security Engineer protecting Serve’s delivery platform and infrastructure while collaborating with IT and engineering teams. Ensuring security best practices across cloud infrastructure and applications.
Member of Technical Staff – Security
First dedicated security hire responsible for building security practices at AI infrastructure company. Defining company-wide security strategy and collaborating with engineering and research teams.
Cybersecurity Engineer
Cybersecurity Engineer responsible for maintaining security in compliance-driven environments for Teal. Protecting clients through security monitoring, vulnerability management, and incident response.
Cybersecurity Lead
Lead Cybersecurity Strategy at Intersect, safeguarding critical systems in a cloud-first environment. Collaborate cross-functionally to integrate security practices for innovative energy solutions.
Principal, Multicloud Data Center Solutions – AI, Data Security & Resilience
Lead development of solutions for enterprise Multicloud/Data Center, AI & Data and Security & Resilience at Dell Technologies. Engage with customers and drive transformative technology solutions.
Lead Security Officer – Rotational
Lead Security Officer ensuring health, safety and security for clients in remote settings. Providing oversight, training, and recommendations based on security operations.
Security Officer, Seasonal
Remote Security Officer monitoring and patrolling assigned areas for safety and security. Working in remote settings where health, safety, and security is a priority.
Platform Engineer, Security
Platform & Security Engineer responsible for IT infrastructure and security at Cosuno. Leading compliance and operational excellence in a remote role.
Security and Threat Operations Engineer
Security and Threat Operations Engineer protecting the fintech environment at OnePay. Collaborating with teams to proactively identify and respond to security threats.