Principal Software Engineer, Security

At HubSpot security isnt a checkboxits fundamental to how we design build and operate our products. Were looking for a Principal Software Engineer Security to help define and deliver secure systems at scale: someone who writes production code shapes architecture and raises the bar on how security is engineered across HubSpots platform.

In this role youll play a leading part in advancing HubSpots overall security posture partnering across Product and Corporate Security to design and implement pragmatic scalable security solutions. Youll be a hands-on technical leader who moves comfortably between high-level strategy and deep hands-on production software development enabling millions of customers to Grow Better with confidence.

If youre motivated by protecting a large distributed SaaS platform from emerging threats while empowering product teams to move quickly and safely wed love to talk.

About the team

HubSpots Security organization is responsible for security privacy and compliance across our cloud-based infrastructure and product surface area. Our mission is to provide worldclass secure platforms and guardrails that make the safest path also the easiest one for our engineers and customers.

Youll work closely with Product Infrastructure Operations and Corporate Security to build defenseindepth: from secure-by-default platform capabilities to resilient incident response and data protection to a robust security program for emerging areas like AI.

Responsibilities

As a Principal Software Engineer Security you will:

• Lead the design and implementation of secure scalable foundations (services libraries patterns and platforms) developing the software that other HubSpot teams build on raising the default level of security across the company with an easy-to-use paved path.
• Act as a trusted technical leader within your org driving the development and improvement of secure software systems and influencing architectural decisions with a security mindset.
• Partner deeply with engineering and security teams (Product Infra Detection & Response Compliance etc.) to deliver practical handson solutions that mitigate real risks without sacrificing developer velocity.
• Translate organizational priorities into concrete security outcomes by defining technical direction setting guardrails and aligning roadmaps so that security is baked into the SDLC by default.
• Contribute production code and conduct deep design and code reviews especially for highrisk or foundational components championing secure development practices and simplicity.
• Identify and assess security risks across multiple domains (application security infrastructure data security detection identity and more) then design and drive implementation of controls and mitigations.
• Lead or play a key role in security incidents and CritSits: helping investigate contain and remediate issues; driving rootcause analysis; and turning learnings into durable improvements in our systems tooling and processes.
• Serve as a point of contact and subjectmatter expert for security in your area ensuring HubSpots products meet internal guardrails and external customer trust compliance and regulatory expectations.
• Help shape our approach to securing AI and emerging technologies building and advocating for patterns that keep data and systems safe while enabling rapid innovation.
• Mentor and uplevel other engineers: sharing context shaping designs modeling great technical judgment and contributing to the growth of security expertise across Product and Security teams.

Key Expectations

Were looking for a handson security engineer and technical leader with:

• 14 years of experience in software development and information security building and operating production systems with depth in at least one major security domain (e.g. application/product security data security infrastructure/cloud security detection & response or identity & access management).
• Proven experience designing and implementing foundational security capabilities in a cloudnative environment (e.g. secure services platform guardrails policy and enforcement layers or standardized security libraries).
• Strong grasp of modern security principles and architectures such as Zero Trust least privilege continuous verification and defenseindepth and the ability to apply them pragmatically in a large SaaS environment.
• Handson experience with at least some of the following (or demonstrated ability to ramp quickly):
• Application and product security (secure coding threat modeling code review abuse and fraud prevention)
• Data security and privacy engineering (encryption key management data classification access patterns)
• Cloud and infrastructure security (AWS/Azure/GCP containerization network segmentation secure configuration)
• Detection & response (alerting telemetry incident response forensics)
• Identity access and authorization systems (authN/Z policy engines zero trust access patterns)
• Experience driving large crossteam initiatives: aligning stakeholders breaking down complex problems and leading projects from concept through rollout and iteration.
• Demonstrated ability to mentor and develop other engineers and to influence technical direction beyond your immediate team through reviews proposals and thought leadership.
• Excellent communication skills with the ability to explain complex security concepts clearly to both technical and nontechnical audiences and to build strong trustbased relationships with partner teams.
• Commitment to continuous learning and staying current with evolving security threats technologies and best practices.
• Working knowledge of common security privacy and compliance frameworks (e.g. SOC 2 ISO 27001 NIST 80053 GDPR) and how to design systems that help us meet them at scale.

Nice to have (but not required):

• Experience securing AI/ML systems (workflows training data models agents and deployments) and mitigating AIspecific threats.
• Experience leading largescale migrations or transformations (e.g. major infrastructure changes authN/Z migrations or data protection programs) with careful attention to customer impact and risk.
• Relevant industry certifications (e.g. CISSP OSCP CEH cloud security or architecture specialties).

How youll work at HubSpot

• You will remain handson directly developing software diving into technical details and using AIpowered development tools (e.g. GitHub Copilot Claude ChatGPT) to enhance productivity and code quality.
• Youll be expected to model our Engineering Leadership Mission and embody HubSpots HEART and DI&B values helping us build inclusive systems and teams that reflect and serve our diverse customer base.