View All Jobs 129527

Sr Product Security Engineer - Remote Eligible

Own and scale n8n's product security posture across engineering teams, defining strategies and processes.
BerlinRemote
Senior
yesterday
n8n

n8n

Offers a fair-code, node-based workflow automation platform to connect apps, APIs, and databases with customizable integrations.

Senior Product Security Engineer

The AI orchestration of your wildest imagination.

n8n is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code, so they can automate faster, smarter, and without limits. Backed by a fiercely inventive community and 500+ builder-approved integrations, we're changing the way people bring systems together and scale ideas for impact.

Since our founding in 2019, we've grown into a diverse team of over 160 - working across Europe and the US, connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way, we've:

  • Cultivated a community of more than 650,000 active developers and builders
  • Earned 145k+ GitHub stars, making us one of the world's Top 40 most popular projects
  • Been ranked as one of Europe's most promising privately held SaaS startups (4th in Sifted's 2025 B2B SaaS Rising 100)
  • Raised $240m to date, from Sequoia's first German seed to our recent $180m Series C - bringing us to a $2.5bn valuation
  • And are grateful for our 94 eNPS score (most companies would call 70 excellent)

That's the company we've built. Now we'd love to see what you can build. If you're applying, try n8n out - whether you're technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: app.n8n.cloud/register.

We're in a defining moment of an incredible journey. Come and build with us.

We are seeking a Senior Product Security Engineer to join our engineering organization as our first dedicated security hire. In this role, you will take primary ownership of n8n's product security posture and work closely with the VP of Engineering to establish security as a core pillar of our engineering culture.

This is a foundational role with significant autonomy and influence. You will define priorities, design processes, and implement pragmatic security practices that scale with a fast-growing, open-source-driven SaaS platform. While you will initially operate as a senior individual contributor, this role has the potential to evolve as n8n grows.

You will partner with a 50+ person engineering organization across multiple product areas, acting as both a hands-on security expert and a trusted advisor who enables teams to ship securely without unnecessary friction.

Key Responsibilities

Vulnerability Management & Disclosure

  • Own and operate n8n's vulnerability intake and triage process, including the security@n8n.io inbox
  • Design, improve, and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths
  • Coordinate private fixes for high-severity issues and manage coordinated disclosure timelines
  • Create and manage GitHub Security Advisories (GHSA)
  • Coordinate bug bounty payouts and researcher communication for validated findings
  • Define and operate patch and release processes for security fixes, including customer-specific timelines where required

Security Tooling & Assessment

  • Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency scanning, container scanning, SBOMs)
  • Own configuration, tuning, and triage workflows for existing tools (currently Aikido)
  • Plan and manage third-party penetration tests, including scoping, vendor coordination, and remediation tracking
  • Conduct internal security assessments and lightweight red-team or tabletop exercises appropriate to company scale

Incident Response & Security Communication

  • Lead coordination of security incidents from detection through resolution
  • Drive incident tracking and remediation workflows in Linear
  • Author security advisories and contribute to internal and external post-incident reviews
  • Communicate clearly, calmly, and empathetically with customers and users during security incidents, in partnership with engineering and leadership

Security Program Development

  • Define and maintain security policies, standards, and public-facing disclosure documentation
  • Manage relationships with security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd)
  • Track industry trends, emerging vulnerabilities, and relevant research, proactively applying learnings to n8n's environment
  • Help shape longer-term security strategy and roadmap in collaboration with engineering leadership

Secure SDLC Integration

  • Embed security into the software development lifecycle through threat modeling, design reviews, and pragmatic guardrails
  • Advise engineering teams on secure coding practices and common vulnerability patterns
  • Produce clear, actionable security documentation for internal engineering audiences
  • Partner closely with product and engineering teams across Nodes, AI Core, Cloud, and other areas to ensure security considerations are built in early

What Success Looks Like

Within the first 6–12 months, you will have:

  • Established a predictable, trusted vulnerability intake and triage process
  • Reduced mean time to remediation for high and critical security issues
  • Integrated security tooling into CI/CD with minimal friction for engineers
  • Successfully led at least one coordinated disclosure or security incident end-to-end
  • Built strong relationships with engineering teams as a pragmatic, enabling security partner

Requirements

Must-haves

  • 5+ years of experience in product security, application security, or a closely related role (or equivalent demonstrated impact)
  • Hands-on experience with vulnerability management and disclosure workflows
  • Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10)
  • Experience implementing and operating security tooling (SAST, DAST, dependency and container scanning)
  • Familiarity with coordinated vulnerability disclosure and security advisories
  • Proven ability to write clear security documentation and communicate with both technical and non-technical audiences
  • Experience engaging with security researchers or bug bounty programs

Nice-to-haves

  • Experience securing SaaS platforms in cloud-native environments
  • Familiarity with JavaScript/TypeScript and the Node.js ecosystem
  • Experience working in high-growth or open-source-adjacent companies
  • Knowledge of DevSecOps practices and CI/CD security integration
  • Experience with threat modeling methodologies
  • Relevant security certifications (e.g., OSCP, CISSP, CEH)

Working Style & Philosophy

  • You prioritize pragmatic risk reduction over rigid controls
  • You see security as an enabler of product velocity, not a gatekeeper
  • You are comfortable making trade-offs and focusing on the highest-impact risks
  • You thrive in environments with ambiguity and ownership

n8n is an equal opportunity employer and does not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status. We can sponsor visas to Germany; for any other country, you need to have existing right to work. Our company language is English. You care about diversity and inclusion? We do too! Check out our Diversity, Inclusion and Belonging initiatives at n8n.

Benefits

  • Competitive compensation – We offer fair and attractive pay.
  • Ownership – Our core value is to "empower others," and we mean itβ€”you'll get a slice of n8n with equity.
  • Work/life balance – We work hard but ensure you have
+ Show Original Job Post
Suggest a correction
























Sr Product Security Engineer - Remote Eligible
BerlinRemote
Engineering
Apply to job
About n8n
Offers a fair-code, node-based workflow automation platform to connect apps, APIs, and databases with customizable integrations.