Sr Product Security Engineer

**The AI orchestration of your wildest imagination.**

n8n is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code, so they can automate faster, smarter, and without limits. Backed by a fiercely inventive community and 500+ builder-approved integrations, we’re changing the way people bring systems together and scale ideas for impact.

Since our founding in 2019, we’ve grown into a diverse team of over 160 - working across Europe and the US, connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way, we’ve:

- Cultivated a community of more than 650,000 active developers and builders
- Earned 145k+ GitHub stars, making us one of the world’s Top 40 most popular projects
- Been ranked as one of Europe’s most promising privately held SaaS startups (4th in Sifted’s 2025 B2B SaaS Rising 100)
- Raised $240m to date, from Sequoia’s first German seed to our recent $180m Series C - bringing us to a $2.5bn valuation
- And are grateful for our 94 eNPS score (most companies would call 70 excellent)

That’s the company we’ve built. Now we’d love to see what _you _can build. If you’re applying, try n8n out - whether you’re technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: app.n8n.cloud/register.

We’re in a defining moment of an incredible journey. Come and build with us.

We are seeking a **Senior Product Security Engineer** to join our engineering organization as **our first dedicated security hire**. In this role, you will take primary ownership of n8n’s product security posture and work closely with the VP of Engineering to establish security as a core pillar of our engineering culture.

This is a **foundational role** with significant autonomy and influence. You will define priorities, design processes, and **implement pragmatic security practices that scale** with a fast-growing, **open-source-driven SaaS platform.** While you will initially operate as a senior individual contributor, this role has the potential to evolve as n8n grows.

You will p**artner with a 50+ person engineering organization** across **multiple product areas**, acting as both a** hands-on security expert** and a trusted advisor who **enables teams to ship securely**without unnecessary friction.

**Key Responsibilities**:
**Vulnerability Management & Disclosure**:

- Design, improve, and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths
- Coordinate private fixes for high-severity issues and manage coordinated disclosure timelines
- Create and manage GitHub Security Advisories (GHSA)
- Coordinate bug bounty payouts and researcher communication for validated findings
- Define and operate patch and release processes for security fixes, including customer-specific timelines where required

**Security Tooling & Assessment**:

- Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency scanning, container scanning, SBOMs)
- Own configuration, tuning, and triage workflows for existing tools (currently Aikido)
- Plan and manage third-party penetration tests, including scoping, vendor coordination, and remediation tracking
- Conduct internal security assessments and lightweight red-team or tabletop exercises appropriate to company scale

**Incident Response & Security Communication**:

- Lead coordination of security incidents from detection through resolution
- Drive incident tracking and remediation workflows in Linear
- Author security advisories and contribute to internal and external post-incident reviews
- Communicate clearly, calmly, and empathetically with customers and users during security incidents, in partnership with engineering and leadership

**Security Program Development**:

- Define and maintain security policies, standards, and public-facing disclosure documentation
- Manage relationships with security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd)
- Help shape longer-term security strategy and roadmap in collaboration with engineering leadership

**Secure SDLC Integration**:

- Embed security into the software development lifecycle through threat modeling, design reviews, and pragmatic guardrails
- Advise engineering teams on secure coding practices and common vulnerability patterns
- Produce clear, actionable security documentation for internal engineering audiences
- Partner closely with product and engineering teams across Nodes, AI Core, Cloud, and other areas to ensure security considerations are built in early

**What Success Looks Like**:
Within the first 6-12 months, you will have:

- Established a predictable, trusted vulnerability intake and triage process
- Reduced mean time to remediation for high and critical security issues
- Integrated security tooling into CI/CD with mínimal friction for engineers
- Successfully led at least one coordinated disclosure