Sr Product Security Engineer

The AI orchestration of your wildest imagination.

n8n is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code so they can automate faster smarter and without limits. Backed by a fiercely inventive community and 500 builder-approved integrations were changing the way people bring systems together and scale ideas for impact.

Since our founding in 2019 weve grown into a diverse team of over 160 - working across Europe and the US connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way weve:

• Cultivated a community of more than 650000 active developers and builders

• Earned 145k GitHub stars making us one of the worlds Top 40 most popular projects

• Been ranked as one of Europes most promising privately held SaaS startups (4th in Sifteds 2025 B2B SaaS Rising 100)

• Raised $240m to date from Sequoias first German seed to our recent $180m Series C - bringing us to a $2.5bn valuation

• And are grateful for our 94 eNPS score (most companies would call 70 excellent)

Thats the company weve built. Now wed love to see what you can build. If youre applying try n8n out - whether youre technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: in a defining moment of an incredible journey. Come and build with us.

We are seeking a Senior Product Security Engineer to join our engineering organization as our first dedicated security hire. In this role you will take primary ownership of n8ns product security posture and work closely with the VP of Engineering to establish security as a core pillar of our engineering culture.

This is a foundational role with significant autonomy and influence. You will define priorities design processes and implement pragmatic security practices that scale with a fast-growing open-source-driven SaaS platform. While you will initially operate as a senior individual contributor this role has the potential to evolve as n8n grows.

You will partner with a 50 person engineering organization across multiple product areas acting as both a hands-on security expert and a trusted advisor who enables teams to ship securely without unnecessary friction.

Key Responsibilities

Vulnerability Management & Disclosure

• Own and operate n8ns vulnerability intake and triage process including the inbox

• Design improve and run a robust Vulnerability Disclosure Program (VDP) with clear SLAs and escalation paths

• Coordinate private fixes for high-severity issues and manage coordinated disclosure timelines

• Create and manage GitHub Security Advisories (GHSA)

• Coordinate bug bounty payouts and researcher communication for validated findings

• Define and operate patch and release processes for security fixes including customer-specific timelines where required

Security Tooling & Assessment

• Evaluate implement and maintain security tooling across the SDLC (SAST DAST dependency scanning container scanning SBOMs)

• Own configuration tuning and triage workflows for existing tools (currently Aikido)

• Plan and manage third-party penetration tests including scoping vendor coordination and remediation tracking

• Conduct internal security assessments and lightweight red-team or tabletop exercises appropriate to company scale

Incident Response & Security Communication

• Lead coordination of security incidents from detection through resolution

• Drive incident tracking and remediation workflows in Linear

• Author security advisories and contribute to internal and external post-incident reviews

• Communicate clearly calmly and empathetically with customers and users during security incidents in partnership with engineering and leadership

Security Program Development

• Define and maintain security policies standards and public-facing disclosure documentation

• Manage relationships with security researchers and bug bounty platforms (e.g. HackerOne Bugcrowd)

• Track industry trends emerging vulnerabilities and relevant research proactively applying learnings to n8ns environment

• Help shape longer-term security strategy and roadmap in collaboration with engineering leadership

Secure SDLC Integration

• Embed security into the software development lifecycle through threat modeling design reviews and pragmatic guardrails

• Advise engineering teams on secure coding practices and common vulnerability patterns

• Produce clear actionable security documentation for internal engineering audiences

• Partner closely with product and engineering teams across Nodes AI Core Cloud and other areas to ensure security considerations are built in early

What Success Looks Like

Within the first 612 months you will have:

• Established a predictable trusted vulnerability intake and triage process

• Reduced mean time to remediation for high and critical security issues

• Integrated security tooling into CI/CD with minimal friction for engineers

• Successfully led at least one coordinated disclosure or security incident end-to-end

• Built strong relationships with engineering teams as a pragmatic enabling security partner

Requirements

Must-haves

• 5 years of experience in product security application security or a closely related role (or equivalent demonstrated impact)

• Hands-on experience with vulnerability management and disclosure workflows

• Strong understanding of common web application vulnerabilities (e.g. OWASP Top 10)

• Experience implementing and operating security tooling (SAST DAST dependency and container scanning)

• Familiarity with coordinated vulnerability disclosure and security advisories

• Proven ability to write clear security documentation and communicate with both technical and non-technical audiences

• Experience engaging with security researchers or bug bounty programs
  

Nice-to-haves

• Experience securing SaaS platforms in cloud-native environments

• Familiarity with JavaScript/TypeScript and the ecosystem

• Experience working in high-growth or open-source-adjacent companies

• Knowledge of DevSecOps practices and CI/CD security integration

• Experience with threat modeling methodologies

• Relevant security certifications (e.g. OSCP CISSP CEH)

Working Style & Philosophy

• You prioritize pragmatic risk reduction over rigid controls

• You see security as an enabler of product velocity not a gatekeeper

• You are comfortable making trade-offs and focusing on the highest-impact risks

• You thrive in environments with ambiguity and ownership

n8n is an equal opportunity employer and does not discriminate on the basis of race religion colour national origin gender sexual orientation gender identity age marital status veteran status or disability status.

We can sponsor visas to Germany; for any other country you need to have existing right to work.

Our company language is English.

You care about diversity and inclusion We do too! Check out our Diversity Inclusion and Belonging initiatives at n8n ( disclaimer: If you see multiple job postings for the same role it is most likely because were hiring remotely for this role and posting in different locations to make sure every potential candidate can see the role. Please apply to the location youre the most likely to work from in the future.

Benefits

• Competitive compensation We offer fair and attractive pay.

• Ownership Our core value is to empower others and we mean ityoull get a slice of n8n with equity.

• Work/life balance We work hard but ensure you have time to recharge:

  • Europe: 30 days of vacation plus public holidays wherever you are.

  • US: 15 vacation days 8 sick days plus public holidays wherever you are.

• Health & wellness

  • Europe: We provide benefits according to local country norms.*

  • US: Multiple low-premium low-deductible medical plans with coverage for individuals and familiesplus a no-cost premium HDHP option with a pre-seeded HSAalong with dental and vision coverage.

• Future planning

  • Europe: We provide pension contributions according to local country norms.*

  • US: 401(k) retirement plan with a 4% employer match.

• Financial security

  • Europe: We provide benefits according to local country norms.*

  • US: Company-paid short-term and long-term disability insurance plus life insurance to support you and your loved ones.

• Career growth We hire rising stars who grow with us! Youll get 1K (or equivalent) per year to spend on courses books events or coaching to level up your skills.

• A passionate team We love our product and we prove it with regular hackathons where we see who can build the coolest thing with it!

• Remote-first Our team works remotely across Europe with regular off-sites for team bonding. Some roles like sales in the US are hybridplease check the job description.

• Giving back Were big fans of open source and youll get $100 per month to support projects you care about.

• AI enablement We believe in working smartereveryone gets an unlimited AI budget to explore and use the best tools to boost productivity and creativity.

• Transparency We all know what everyones working on how the company is doingthe whole shebang.

• An ambitious but kind culture People love working hereour eNPS for 2024 is 94!

* Country-specific details are provided in your contract.

Required Experience:

Senior IC