Back to jobsApply
1Password

Productive businesses use 1Password to secure employees at scale.

Senior Security Researcher

Security EngineerSecurity EngineerFull TimeRemoteTeam 501-1,000Since 2009H1B SponsorCompany SiteLinkedIn

Location

United States

Posted

23 days ago

Salary

$153K - $214K / year

Bachelor Degree4 yrs expEnglishJava ScriptLinuxMac OSPythonRubyRustType ScriptGo

Job Description

• Conduct original, hands-on research into application-level, protocol-level, and ecosystem-level vulnerabilities in 1Password’s products and the broader identity security landscape; You will discover, validate, and document novel vulnerability classes and attack chains. • Collaborate with peers to develop proof-of-concept exploits and attack demonstrations that validate research findings, illustrate real-world risk, and support engineering teams in understanding and prioritizing remediation efforts. • Investigate security risks at the intersection of AI and identity, including prompt injection, data poisoning, and other AI-based attack vectors. • Author high-quality research publications, white papers, blog posts, and technical advisories; You will have the opportunity to present findings on podcasts, webinars, and at major security conferences that contribute to 1Password’s reputation as a thought leader in identity security. • Engage actively with the global security research community through responsible disclosure, collaborative research, open-source contributions, and participation in industry forums/events. • Partner with Product, Engineering, and Detection teams to translate research findings into actionable security improvements. Provide evidence-based technical guidance that informs product direction and security strategy.

Job Requirements

  • 4+ years of progressive experience in security research, offensive security, or vulnerability research.
  • Bachelor’s degree in Computer Science, Computer Engineering, Information Security, or a related field; or equivalent practical experience.
  • Proven track record of discovering and responsibly disclosing original vulnerabilities, ideally with published CVEs, advisories, or equivalent publicly-recognized findings.
  • A track record of hands-on experience in vulnerability research, exploit development, or advanced adversarial simulation techniques.
  • Sufficient domain experience in two or more of the following domains: application security, Linux system internals, Windows system internals, macOS system internals, AI/Agentic security, Web application security, or Mobile application security.
  • Familiarity with prompt injection, data poisoning, AI design architecture, AI-based attacks, and related vectors.
  • Proficiency in one or more programming languages such as Go, Rust, Python, Ruby, JavaScript/TypeScript, or equivalent modern languages, with the ability to read and audit code for vulnerabilities.
  • Consistent history of handling vulnerabilities and disclosures responsibly while engaging constructively with vendors and the research community.
  • Demonstrable written and verbal communication skills, with a track record of producing technical publications, blog posts, and/or conference talks that clearly convey complex security topics.

Benefits

  • health, dental, 401k and many others
  • utilization of our generous paid time off
  • equity grant

Related Categories

Security Engineer

Related Job Pages

Remote Full-time Jobs (US)Remote Python Jobs (US)More US Remote Jobs

More Security Engineer Jobs

Cyber Security Engineer

GE HealthCare
Security Engineer23 days ago
Full TimeRemoteTeam 10,001+Since 1892H1B Sponsor
Company SiteLinkedIn

Cyber Security Engineer safeguarding healthcare technology products at GE HealthCare

AWSAzureCloudCyber SecurityDockerGoogle Cloud PlatformKubernetes
View details: Cyber Security Engineer
Illinois + 1 moreAll locations: Illinois, Massachusetts
$105.6K - $158.4K / year
Apply

Physical Security Delivery Manager

Stream Data Centers

We believe that deploying data center capacity should be a great experience.

Security Engineer23 days ago
Full TimeRemoteTeam 501-1,000Since 1999H1B No Sponsor
Company SiteLinkedIn

Physical Security Delivery Manager overseeing construction and operations security projects

View details: Physical Security Delivery Manager
Arizona + 2 moreAll locations: Arizona, Illinois, Texas
Apply

Sr. GRC Engineer

Ro (Ro.co)

Ro is a direct-to-patient healthcare company with a mission of helping patients achieve their health goals by delivering the easiest, most effective care possible. Ro is the only company to offer nationwide telehealth, labs, and pharmacy services. This is enabled by Ro's vertically integrated platform that helps patients achieve their goals through a convenient, end-to-end healthcare experience spanning from diagnosis, to delivery of medication, to ongoing care. Since 2017, Ro has helped millions of patients in nearly every single county in the United States, including 98% of primary care deserts.

Security Engineer23 days ago
Full TimeRemoteTeam 824Since 2017
Company Site

Lead audit readiness and continuous compliance automation: manage Vanta, perform risk assessments and vendor reviews, support SOC 2/HIPAA/HITRUST audits, maintain cyber risk register, and build GRC reporting dashboards with BI tools.

VantaDrataSecureframeAWSAzureGCPLookerHexPythonJavaScriptAPITinesSoc 2HipaaHitrustNistPci
View details: Sr. GRC Engineer
West Virginia
$148K - $175K / year
Apply

Senior Cybersecurity – Exploitation Engineer

Reveal Technology

Actionable intelligence at the tactical edge

Security Engineer23 days ago
Full TimeRemoteTeam 11-50H1B No Sponsor
Company SiteLinkedIn

Senior Cybersecurity Engineer developing offensive security capabilities for a tech startup

IoTLinuxPythonTCP/IP
View details: Senior Cybersecurity – Exploitation Engineer
United States
$150K - $210K / year
Apply