Sr Product Security Engineer

The AI orchestration of your wildest imagination. n8n is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code, so they can automate faster, smarter, and without limits. Backed by a fiercely inventive community and 500+ builder-approved integrations, we’re changing the way people bring systems together and scale ideas for impact. Since our founding in 2019, we’ve grown into a diverse team of over 160 - working across Europe and the US, connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way, we’ve: Cultivated a community of more than 650,000 active developers and builders Earned 145k+ GitHub stars, making us one of the world’s Top 40 most popular projects Been ranked as one of Europe’s most promising privately held SaaS startups (4th in Sifted’s 2025 B2B SaaS Rising 100) Raised $240m to date, from Sequoia’s first German seed to our recent $180m Series C - bringing us to a $2.5bn valuation And are grateful for our 94 eNPS score (most companies would call 70 excellent) That’s the company we’ve built. Now we’d love to see what you can build. If you’re applying, try n8n out - whether you’re technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: app.n8n.cloud/register. We’re in a defining moment of an incredible journey. Come and build with us. We are seeking a Senior Product Security Engineer to join our engineering organization as our first dedicated security hire. In this role, you will take primary ownership of n8n’s product security posture and work closely with the VP of Engineering to establish security as a core pillar of our engineering culture. This is a foundational role with significant autonomy and influence. You will define priorities, design processes, and implement pragmatic security practices that scale with a fast-growing, open-source-driven SaaS platform. While you will initially operate as a senior individual contributor, this role has the potential to evolve as n8n grows. You will partner with a 50+ person engineering organization across multiple product areas, acting as both a hands‑on security expert and a trusted advisor who enables teams to ship securely without unnecessary friction. Key Responsibilities Vulnerability Management & Disclosure Own and operate n8n’s vulnerability intake and triage process, including the inbox Design, improve, and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths Coordinate private fixes for high‑severity issues and manage coordinated disclosure timelines Create and manage GitHub Security Advisories (GHSA) Coordinate bug bounty payouts and researcher communication for validated findings Define and operate patch and release processes for security fixes, including customer‑specific timelines where required Security Tooling & Assessment Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency scanning, container scanning, SBOMs) Own configuration, tuning, and triage workflows for existing tools (currently Aikido) Plan and manage third‑party penetration tests, including scoping, vendor coordination, and remediation tracking Conduct internal security assessments and lightweight red‑team or tabletop exercises appropriate to company scale Incident Response & Security Communication Lead coordination of security incidents from detection through resolution Drive incident tracking and remediation workflows in Linear Author security advisories and contribute to internal and external post‑incident reviews Communicate clearly, calmly, and empathetically with customers and users during security incidents, in partnership with engineering and leadership Security Program Development Define and maintain security policies, standards, and public‑facing disclosure documentation Manage relationships with security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd) Track industry trends, emerging vulnerabilities, and relevant research, proactively applying learnings to n8n’s environment Help shape longer‑term security strategy and roadmap in collaboration with engineering leadership Secure SDLC Integration Embed security into the software development lifecycle through threat modeling, design reviews, and pragmatic guardrails Advise engineering teams on secure coding practices and common vulnerability patterns Produce clear, actionable security documentation for internal engineering audiences Partner closely with product and engineering teams across Nodes, AI Core, Cloud, and other areas to ensure security considerations are built in early What Success Looks Like Established a predictable, trusted vulnerability intake and triage process Reduced mean time to remediation for high and critical security issuesIntegrated security tooling into CI/CD with minimal friction for engineers Successfully led at least one coordinated disclosure or security incident end‑to‑end Built strong relationships with engineering teams as a pragmatic, enabling security partner Requirements Must‑haves 5+ years of experience in product security, application security, or a closely related role (or equivalent demonstrated impact) Hands‑on experience with vulnerability management and disclosure workflows Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10) Experience implementing and operating security tooling (SAST, DAST, dependency and container scanning) Familiarity with coordinated vulnerability disclosure and security advisories Proven ability to write clear security documentation and communicate with both technical and non‑technical audiences Experience engaging with security researchers or bug bounty programs Nice‑to‑haves Experience securing SaaS platforms in cloud‑native environments Familiarity with JavaScript/TypeScript and the Node.js ecosystem Experience working in high‑growth or open‑source‑adjacent companies Knowledge of DevSecOps practices and CI/CD security integration Experience with threat modeling methodologies Relevant security certifications (e.g., OSCP, CISSP, CEH) Working Style & Philosophy You prioritize pragmatic risk reduction over rigid controls You see security as an enabler of product velocity, not a gatekeeper You are comfortable making trade‑offs and focusing on the highest‑impact risks You thrive in environments with ambiguity and ownership Benefits Competitive compensation – We offer fair and attractive pay. Ownership – Our core value is to “empower others,” and we mean it—you’ll get a slice of n8n with equity. Work/life balance – We work hard but ensure you have time to recharge: Europe: 30 days of vacation, plus public holidays wherever you are. US: 15 vacation days, 8 sick days, plus public holidays wherever you are. Health & wellness – Europe: We provide benefits according to local country norms.* US: Multiple low‑premium, low‑deductible medical plans with coverage for individuals and families—plus a no‑cost premium HDHP option with a pre‑seeded HSA—along with dental and vision coverage. Future planning – Europe: We provide pension contributions according to local country norms.* US: 401(k) retirement plan with a 4% employer match. Financial security – Europe: We provide benefits according to local country norms.* US: Company‑paid short‑term and long‑term disability insurance, plus life insurance to support you and your loved ones. Career growth – We hire rising stars who grow with us You’ll get €1K (or equivalent) per year to spend on courses, books, events, or coaching to level up your skills. A passionate team – We love our product, and we prove it with regular hackathons where we see who can build the coolest thing with it Remote‑first – Our team works remotely across Europe, with regular off‑sites for team bonding. Some roles, like sales in the US, are hybrid—please check the job description. Giving back – We're big fans of open source, and you'll get $100 per month to support projects you care about. AI enablement – We believe in working smarter—everyone gets an unlimited AI budget to explore and use the best tools to boost productivity and creativity. Transparency – We all know what everyone’s working on, how the company is doing—the whole shebang. An ambitious but kind culture – People love working here—our eNPS for 2024 is 94 Country‑specific details are provided in your contract. n8n is an equal opportunity employer and does not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status. We can sponsor visas to Germany; for any other country, you need to have existing right to work. Our company language is English. You care about diversity and inclusion? We do too Check out our Diversity, Inclusion and Belonging initiatives at n8n ( Location disclaimer: If you see multiple job postings for the same role, it is most likely because we're hiring remotely for this role and posting in different locations to make sure every potential candidate can see the role. Please apply to the location you're the most likely to work from in the future. #J-18808-Ljbffr