
Senior Product Security Engineer
n8n
full-time
Location Type: Remote
Location: Germany
About the role
- Own and operate n8n’s vulnerability intake and triage process, including the **security@n8n.io** inbox
- Design, improve, and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths
- Coordinate private fixes for high-severity issues and manage coordinated disclosure timelines
- Create and manage GitHub Security Advisories (GHSA)
- Coordinate bug bounty payouts and researcher communication for validated findings
- Define and operate patch and release processes for security fixes, including customer-specific timelines where required
- Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency scanning, container scanning, SBOMs)
- Own configuration, tuning, and triage workflows for existing tools (currently Aikido)
- Plan and manage third-party penetration tests, including scoping, vendor coordination, and remediation tracking
- Conduct internal security assessments and lightweight red-team or tabletop exercises appropriate to company scale
- Lead coordination of security incidents from detection through resolution
- Drive incident tracking and remediation workflows in Linear
- Author security advisories and contribute to internal and external post-incident reviews
- Communicate clearly, calmly, and empathetically with customers and users during security incidents, in partnership with engineering and leadership
- Define and maintain security policies, standards, and public-facing disclosure documentation
- Manage relationships with security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd)
- Track industry trends, emerging vulnerabilities, and relevant research, proactively applying learnings to n8n’s environment
- Help shape longer-term security strategy and roadmap in collaboration with engineering leadership
- Embed security into the software development lifecycle through threat modeling, design reviews, and pragmatic guardrails
- Advise engineering teams on secure coding practices and common vulnerability patterns
- Produce clear, actionable security documentation for internal engineering audiences
- Partner closely with product and engineering teams across Nodes, AI Core, Cloud, and other areas to ensure security considerations are built in early
Requirements
- 5+ years of experience in product security, application security, or a closely related role (or equivalent demonstrated impact)
- Hands-on experience with vulnerability management and disclosure workflows
- Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10)
- Experience implementing and operating security tooling (SAST, DAST, dependency and container scanning)
- Familiarity with coordinated vulnerability disclosure and security advisories
- Proven ability to write clear security documentation and communicate with both technical and non-technical audiences
- Experience engaging with security researchers or bug bounty programs
Nice-to-haves
- Experience securing SaaS platforms in cloud-native environments
- Familiarity with JavaScript/TypeScript and the Node.js ecosystem
- Experience working in high-growth or open-source-adjacent companies
- Knowledge of DevSecOps practices and CI/CD security integration
- Experience with threat modeling methodologies
- Relevant security certifications (e.g., OSCP, CISSP, CEH)
Benefits
- Competitive compensation 💸 – We offer fair and attractive pay.
- Ownership 💪 – Our core value is to “empower others,” and we mean it—you’ll get a slice of n8n with equity.
- Work/life balance 🏖️ – We work hard but ensure you have time to recharge:
  - Europe: 30 days of vacation, plus public holidays wherever you are.
  - US: 15 vacation days, 8 sick days, plus public holidays wherever you are.
- Health & wellness 🩺 –
  - Europe: We provide benefits according to local country norms.*
  - US: Multiple low-premium, low-deductible medical plans with coverage for individuals and families—plus a no-cost premium HDHP option with a pre-seeded HSA—along with dental and vision coverage.
- Future planning 💰 –
  - Europe: We provide pension contributions according to local country norms.*
  - US: 401(k) retirement plan with a 4% employer match.
- Financial security 🛡️ –
  - Europe: We provide benefits according to local country norms.*
  - US: Company-paid short-term and long-term disability insurance, plus life insurance to support you and your loved ones.
- Career growth 📈 – We hire rising stars who grow with us! You’ll get €1K (or equivalent) per year to spend on courses, books, events, or coaching to level up your skills.
- A passionate team 🤩 – We love our product, and we prove it with regular hackathons where we see who can build the coolest thing with it!
- Remote-first 🌏 – Our team works remotely across Europe, with regular off-sites for team bonding. Some roles, like sales in the US, are hybrid—please check the job description.
- Giving back 🤝 – We're big fans of open source, and you'll get $100 per month to support projects you care about.
- AI enablement 🤖 – We believe in working smarter—everyone gets an unlimited AI budget to explore and use the best tools to boost productivity and creativity.
- Transparency 🙏 – We all know what everyone’s working on, how the company is doing—the whole shebang.
- An ambitious but kind culture 😍 – People love working here—our eNPS for 2024 is 94!
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
vulnerability management, vulnerability disclosure workflows, web application vulnerabilities, SAST, DAST, dependency scanning, container scanning, threat modeling, secure coding practices, security documentation
Soft Skills
communication, coordination, empathy, leadership, problem-solving, collaboration, clear writing, calmness under pressure, relationship management, strategic thinking
Certifications
OSCP, CISSP, CEH