Unlock the Future of Security: Sr. Director of Product Security at 1Password
At 1Password, we're not just building a password manager; we're forging the foundation for a secure and productive digital world. As a leader in cybersecurity, we're pioneering Extended Access Management, empowering millions of users and over 165,000 businesses to navigate the digital landscape with confidence.
Are you a passionate security leader ready to make a real impact? Do you thrive in a fast-paced environment, tackling complex challenges alongside a team of driven and curious individuals? If so, we invite you to join us and help shape a safer, simpler digital future.
We're seeking an experienced Sr. Director of Product Security to lead and elevate our Product Security function. This is a high-impact role where you'll be responsible for charting the course for Application Security, Data and Device Security, and building a world-class Security Research team. You'll be a trusted advisor to the CISO, a mentor to your team, and a thought leader within the security community.
As Sr. Director of Product Security, you will:
Set the Strategy: Define and execute a comprehensive Product Security strategy, focusing on proactive risk reduction and enabling secure AI innovation.
Build and Scale Programs: Develop and manage world-class programs for Application Security, Bug Bounty, Vulnerability Management, Data and Device Security, and Secure SDLC.
Lead a High-Performing Team: Manage, mentor, and develop a team of skilled security professionals, fostering growth and accountability.
Drive Collaboration: Partner with engineering, product, and security leadership to balance security with business and product priorities.
Innovate and Research: Build and lead a Security Research team focused on identifying emerging threats, new attack vectors, and innovative defensive techniques.
Be a Thought Leader: Represent Product Security in executive and board-level discussions, providing data-driven insights and recommendations.
What You'll Be Doing:
People Leadership:
Serve as a mentor and coach, providing regular 1-on-1s, performance feedback, and career development.
Recruit and onboard top security talent to complement the team and bring fresh perspectives.
Program Leadership & Partnerships:
Define and champion the company-wide Product Security strategy, with a proactive focus on risk mitigation and enabling secure AI innovation.
Build and scale industry-leading programs for Application Security, Bug Bounty, Vulnerability Management, Data and Device Security, and Secure SDLC.
Establish key metrics, reporting mechanisms, and dashboards to track program success and risk reduction.
Application Security & Secure SDLC:
Develop and enforce secure coding practices, with a particular emphasis on AI adoption, threat modeling, security reviews, and code analysis practices.
Partner with engineering leadership to integrate security seamlessly into the SDLC and CI/CD pipelines, ensuring security is a core consideration from design to deployment.
Empower developers with the necessary tools, training, and automation to "shift security left."
Bug Bounty, Vulnerability Management, & Pentesting:
Oversee comprehensive vulnerability management and penetration testing programs.
Ensure rapid triage, prioritization, and remediation of vulnerabilities across the entire environment.
Collaborate with external researchers and internal teams to foster a collaborative vulnerability disclosure program.
Participate in an on-call rotation and provide support to the team during incident management.
Data & Device Security:
Lead the data security program, overseeing our underlying cryptography and cryptographic libraries across all product offerings, as well as codebase secrets management.
Spearhead the device security program, responsible for the development of security libraries and frameworks to support product feature development, security vulnerability remediation, and minimization.
Oversee security standards initiatives and critical security product features.
Cross-Functional Collaboration & Leadership:
Partner with Product, Engineering, and other teams to effectively balance security with business and product objectives.
Represent Product Security in executive and board-level discussions, providing data-driven insights and strategic recommendations.
Mentor and develop a high-performing security team, fostering a culture of growth and accountability.
Security Research:
Build and lead a dedicated Security Research team focused on identifying emerging threats, novel attack vectors, and innovative defensive techniques that enhance 1Password’s products and protect our customers.
Drive original research into product, application, and ecosystem-level vulnerabilities, responsibly publishing findings where appropriate.
Engage with the broader security community to stay at the forefront of evolving risks and integrate insights back into product security programs.
What You'll Bring to the Table:
9+ years of progressive experience in security, with 5+ years leading security teams/programs at scale.
Bachelor's degree in Computer Science, Information Technology, Computer Engineering, or a related field; or equivalent work experience.
Deep expertise in Application Security, Vulnerability Management, Secure SDLC, and Bug Bounty programs.
Experience leading Security Research activities and engaging with the security research community.
A proven track record of embedding security into engineering processes and influencing product development.
Demonstrated experience leading security teams in high-growth technology or security-focused companies.
A passion for fostering psychological safety and stability in high-stress environments.
Excellent communication skills, with the ability to articulate complex security issues to both technical and non-technical audiences, including executives and boards.
Thought leadership with visibility in the security community (e.g., public speaking, open-source contributions, bug bounty engagement) is a strong plus.
Experience leading security initiatives that support and/or incorporate AI capabilities.
Demonstrated software development experience with Go, Ruby on Rails, shell scripting, Python, or other languages.
Experience collaborating across departments, such as with internal business or engineering units, external incident response teams, and research teams.
Compensation:
USA-based roles only: The annual base salary for this role is between $289,000 USD and $391,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.
Canada-based roles only: The annual base salary for this role is between $270,000 CAD and $366,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.
At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.
Life at 1Password:
We're a collaborative, transparent, and feedback-driven team guided by our core values: Keep it Simple, Lead with Honesty, and Put People First. Be prepared to challenge the status quo, experiment, and iterate to find the best solutions. If you're a proven expert who thrives in a fast-paced, ambiguous environment, 1Password is the place for you. We're actively embracing AI to drive innovation and enhance our mission of bridging security and privacy.
Our Remote-First Approach:
We believe in the power of remote work and value in-person connections. While remote-first, most roles require travel for team meetings, offsites, and industry events.
Perks & Benefits:
We believe in rewarding hard work with a comprehensive benefits package:
Health and Wellbeing: Maternity and parental leave top-up programs, competitive health benefits, generous PTO.
Growth and Future: RSU program for most employees, retirement matching program, free 1Password account.
Community: Paid volunteer days, peer-to-peer recognition through Bonusly, remote-first work environment.
You Belong Here:
1Password is an equal opportunity employer committed to fostering an inclusive, diverse, and equitable workplace. We welcome all individuals and do not discriminate on any basis.
Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at [email protected] and we’ll work to meet your needs.
Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this, your talent partner would be happy to address them with you.
Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law.
1Password uses artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications and improve our recruitment process. See here for the latest third party bias audit information. If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form. For additional information see our Candidate Privacy Notice.