Sr Product Security Engineer

The AI orchestration of your wildest imagination.

n8n is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code, so they can automate faster, smarter, and without limits. Backed by a fiercely inventive community and 500+ builder-approved integrations, we’re changing the way people bring systems together and scale ideas for impact.

Since our founding in 2019, we’ve grown into a diverse team of over 160 - working across Europe and the US, connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way, we’ve:

Cultivated a community of more than 650,000 active developers and builders

Earned 145k+ GitHub stars, making us one of the world’s Top 40 most popular projects

Been ranked as one of Europe’s most promising privately held SaaS startups (4th in Sifted’s 2025 B2B SaaS Rising 100)

Raised $240m to date, from Sequoia’s first German seed to our recent $180m Series C - bringing us to a $2.5bn valuation

And are grateful for our 94 eNPS score (most companies would call 70 excellent)

That’s the company we’ve built. Now we’d love to see what you can build. If you’re applying, try n8n out - whether you’re technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: app.n8n.cloud/register.

We’re in a defining moment of an incredible journey. Come and build with us.

We are seeking a Senior Product Security Engineer to join our engineering organization as our first dedicated security hire. In this role, you will take primary ownership of n8n’s product security posture and work closely with the VP of Engineering to establish security as a core pillar of our engineering culture.

This is a foundational role with significant autonomy and influence. You will define priorities, design processes, and implement pragmatic security practices that scale with a fast-growing, open-source-driven SaaS platform. While you will initially operate as a senior individual contributor, this role has the potential to evolve as n8n grows.

You will partner with a 50+ person engineering organization across multiple product areas, acting as both a hands-on security expert and a trusted advisor who enables teams to ship securely without unnecessary friction.

Key Responsibilities
Vulnerability Management & Disclosure

Own and operate n8n’s vulnerability intake and triage process, including the [email protected] inbox

Design, improve, and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths

Coordinate private fixes for high-severity issues and manage coordinated disclosure timelines

Create and manage GitHub Security Advisories (GHSA)

Coordinate bug bounty payouts and researcher communication for validated findings

Define and operate patch and release processes for security fixes, including customer-specific timelines where required

Security Tooling & Assessment

Evaluate, implement, and maintain security tooling across the SDLC (SAST, DAST, dependency scanning, container scanning, SBOMs)

Own configuration, tuning, and triage workflows for existing tools (currently Aikido)

Plan and manage third-party penetration tests, including scoping, vendor coordination, and remediation tracking

Conduct internal security assessments and lightweight red-team or tabletop exercises appropriate to company scale

Incident Response & Security Communication

Lead coordination of security incidents from detection through resolution

Drive incident tracking and remediation workflows in Linear

Author security advisories and contribute to internal and external post-incident reviews

Communicate clearly, calmly, and empathetically with customers and users during security incidents, in partnership with engineering and leadership

Security Program Development

Define and maintain security policies, standards, and public-facing disclosure documentation

Manage relationships with security researchers and bug bounty platforms (e.g., HackerOne, Bugcrowd)

Track industry trends, emerging vulnerabilities, and relevant research, proactively applying learnings to n8n’s environment

Help shape longer-term security strategy and roadmap in collaboration with engineering leadership

Secure SDLC Integration

Embed security into the software development lifecycle through threat modeling, design reviews, and pragmatic guardrails

Advise engineering teams on secure coding practices and common vulnerability patterns

Produce clear, actionable security documentation for internal engineering audiences

Partner closely with product and engineering teams across Nodes, AI Core, Cloud, and other areas to ensure security considerations are built in early

What Success Looks Like

Within the first 6–12 months, you will have:

Established a predictable, trusted vulnerability intake and triage process

Reduced mean time to remediation for high and critical security issues

Integrated security tooling into CI/CD with minimal friction for engineers

Successfully led at least one coordinated disclosure or security incident end-to-end

Built strong relationships with engineering teams as a pragmatic, enabling security partner

Requirements
Must-haves

5+ years of experience in product security, application security, or a closely related role (or equivalent demonstrated impact)

Hands-on experience with vulnerability management and disclosure workflows

Strong understanding of common web application vulnerabilities (e.g., OWASP Top 10)

Experience implementing and operating security tooling (SAST, DAST, dependency and container scanning)

Familiarity with coordinated vulnerability disclosure and security advisories

Proven ability to write clear security documentation and communicate with both technical and non-technical audiences

Experience engaging with security researchers or bug bounty programs

Nice-to-haves

Experience securing SaaS platforms in cloud-native environments

Familiarity with JavaScript/TypeScript and the Node.js ecosystem

Experience working in high-growth or open-source-adjacent companies

Knowledge of DevSecOps practices and CI/CD security integration

Experience with threat modeling methodologies

Relevant security certifications (e.g., OSCP, CISSP, CEH)

Working Style & Philosophy

You prioritize pragmatic risk reduction over rigid controls

You see security as an enabler of product velocity, not a gatekeeper

You are comfortable making trade-offs and focusing on the highest-impact risks

You thrive in environments with ambiguity and ownership

n8n is an equal opportunity employer and does not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status.

We can sponsor visas to Germany; for any other country, you need to have existing right to work.

Our company language is English.

You care about diversity and inclusion? We do too! Check out our Diversity, Inclusion and Belonging initiatives at n8n (https://www.notion.so/n8n/Diversity-inclusion-and-belonging-n8n-c1bec2fff536422d868b1a438d990e35).

Location disclaimer: If you see multiple job postings for the same role, it is most likely because we're hiring remotely for this role and posting in different locations to make sure every potential candidate can see the role. Please apply to the location you're the most likely to work from in the future.

Benefits

Competitive compensation – We offer fair and attractive pay.

Ownership – Our core value is to “empower others,” and we mean it—you’ll get a slice of n8n with equity.

Work/life balance – We work hard but ensure you have time to recharge:

Europe: 30 days of vacation, plus public holidays wherever you are.

US: 15 vacation days, 8 sick days, plus public holidays wherever you are.

Health & wellness –

Europe: We provide benefits according to local country norms.*

US: Multiple low-premium, low-deductible medical plans with coverage for individuals and families—plus a no-cost premium HDHP option with a pre-seeded HSA—along with dental and vision coverage.

Future planning –

Europe: We provide pension contributions according to local country norms.*

US: 401(k) retirement plan with a 4% employer match.

Financial security –

Europe: We provide benefits according to local country norms.*

US: Company-paid short-term and long-term disability insurance, plus life insurance to support you and your loved ones.

Career growth – We hire rising stars who grow with us! You’ll get €1K (or equivalent) per year to spend on courses, books, events, or coaching to level up your skills.

A passionate team – We love our product, and we prove it with regular hackathons where we see who can build the coolest thing with it!

Remote-first – Our team works remotely across Europe, with regular off-sites for team bonding. Some roles, like sales in the US, are hybrid—please check the job description.

Giving back – We're big fans of open source, and you'll get $100 per month to support projects you care about.

AI enablement – We believe in working smarter—everyone gets an unlimited AI budget to explore and use the best tools to boost productivity and creativity.

Transparency – We all know what everyone’s working on, how the company is doing—the whole shebang.

An ambitious but kind culture – People love working here—our eNPS for 2024 is 94!

Country-specific details are provided in your contract.