Senior Director, Product Security

About 1Password

At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 165,000 businesses and millions of people trust us to provide seamless, secure access to their most critical information. 

If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

We’re looking for an experienced security leader to grow and mature the Product Security function here at 1Password. You will be responsible for Application Security, including the Bug Bounty, Vulnerability Management, and secure SDLC programs. You will also lead Data and Device Security, ensuring that 1Password continues to deliver secure solutions that meet our customers needs. Finally, build and lead a Security Research team.

As the Sr. Director of Product Security, you will set the strategy, build and scale programs, and partner with engineering, product, and security leadership to reduce risk while enabling innovation. You’ll manage a team of highly skilled security professionals, serve as a trusted advisor to the CISO, and act as a thought leader both inside and outside the organization. As a member of the security leadership team, you will also partner with other leaders across security and the company to drive great security outcomes for our customers

You will report directly to the CISO.

What to expect:

• People Leadership: Serve as a great people leader, managing ICs and managers, providing regular 1-1s, performance feedback, and career development. Hire security engineers and analysts who complement the team and bring new perspectives.

• Program Leadership & Partnerships: Define and drive the company-wide Product Security strategy, with a focus on proactive risk reduction and enabling secure AI innovation. Build and scale world-class programs for Application Security, Bug Bounty, Vulnerability Management, Data and Device Security, and Secure SDLC. Establish metrics, reporting, and dashboards to measure program success and risk reduction.

• Application Security & Secure SDLC. Develop and oversee secure coding practices with an emphasis on AI adoption, threat modeling, security reviews, and code analysis practices. Partner with engineering leadership to embed security into the SDLC and CI/CD pipelines, ensuring security is integrated from design to deployment. Enable developers with tools, training, and automation to shift security left.

• Bug Bounty, Vulnerability Management, & Pentesting. Oversee vulnerability management and pentesting programs. Ensure rapid triage, prioritization, and remediation of vulnerabilities across the environment. Partner with external researchers and internal teams to build a collaborative vulnerability disclosure program. Participate in an on-call rotation and support your team through the incident management process.

• Data & Device Security. Lead data security program, responsible for our underlying cryptography and cryptographic libraries across product offerings as well as codebase secrets management. Lead device security program, responsible for the development of security libraries and frameworks to support product feature development, security vulnerability remediation and minimization. Oversee security standards initiatives and critical security product features.

• Cross-Functional Collaboration & Leadership. Partner with Product, Engineering, and other teams to balance security with business and product priorities. Represent Product Security in executive and board-level discussions, providing data-driven insights and recommendations. Mentor and develop a high-performing security team, fostering growth and accountability.

• Security Research. Build and lead a Security Research team focused on identifying emerging threats, new attack vectors, and innovative defensive techniques that support 1Password’s products and customers. Drive original research into product, application, and ecosystem-level vulnerabilities, publishing findings responsibly where appropriate. Engage with the broader security community to stay ahead of evolving risks and bring insights back into product security programs.

What we're looking for:

• 9+ years of progressive experience in security, with at least 5+ years leading security teams/programs at scale.

• Education: Bachelors degree in Computer Science, Information Technology, Computer Engineering, or related fields; or equivalent work experience.

• Deep expertise in Application Security, Vulnerability Management, Secure SDLC, and Bug Bounty programs.

• Experience leading Security Research activities and engaging the security research community.

• Strong track record of embedding security into engineering processes and influencing product development.

• Proven experience leading security teams in high-growth technology or security-focused companies.

• Passion for fostering psychological safety and stability in high stress environments.

• Excellent communication skills with ability to convey complex security issues to technical and non-technical stakeholders, including executives and boards.

• Thought leader with visibility in the security community (public speaking, open-source contributions, bug bounty engagement, etc.) a strong plus.

• Experience leading security initiatives that support and/or incorporate AI capabilities.

• Demonstrated software development experience with Go, Ruby on Rails, shell scripting, python, or other languages.

• Experience collaborating across departments such as with internal business or engineering units, external incident response teams, and research teams.
  

USA-based roles only: The annual base salary for this role is between $289,000 USD and $391,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

Canada-based roles only: The annual base salary for this role is between $270,000 CAD and $366,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs.

At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set.

Our culture

At 1Password, we prioritize collaboration, clear and transparent communication, receptiveness to feedback, and alignment with our core values: keep it simple, lead with honesty, and put people first.

You’ll be part of a team that challenges the status quo, and is excited to experiment and iterate in search of the best solution. That said, 1Password is not for everyone. Our work is demanding, we strive for excellence, and the pace is fast. We need people who are keen to take on challenging problems, who seek feedback to grow, and who are driven to make an impact. If you're looking for a place where you can settle into a comfortable routine, this might not be the right fit for you. We’re looking for individuals who are proven experts in their fields, as well as those who are highly adaptable, can thrive in ambiguity and through change, are curious, and above all deliver results.

We are committed to leveraging cutting-edge technology—including AI—to achieve our mission. We also understand that thinking critically about AI in its current forms will help us create better solutions for our customers and ourselves with its future forms, which will help us continue to close the gap between security and privacy and achieve our mission. We want team members at all levels to take the approach of actively learning AI best practices, identifying opportunities to apply AI in meaningful ways, and driving innovative solutions in their daily work. Embracing the future of AI isn't just encouraged at 1Password—it's an essential part of how we will be successful at 1Password.

Our approach to remote work

We believe in the power of remote work, but recognize that in-person connection is important to help us achieve our mission. While we are a remote-first company, travel for in-person engagement is a part of almost all roles, and we require our employees to be ready and willing to take part. Frequency will depend on role and responsibilities, and may include, but is not limited to: annual department-wide offsites, team meetings, and customer/industry events.

What we offer

We believe in working hard, and rewarding that hard work through our benefits. While not an exhaustive list, here is a glance at what we currently offer:

Health and wellbeing

👶 Maternity and parental leave top-up programs

🩺 Competitive health benefits

🏝 Generous PTO policy

Growth and future

📈 RSU program for most employees

💸 Retirement matching program

🔑 Free 1Password account

Community

🤝 Paid volunteer days

🏆 Peer-to-peer recognition through Bonusly

🌎 Remote-first work environment

*Some roles in our GTM team are currently being hired for in-person hybrid work in Toronto and Austin. These roles will specify on the posting.

You belong here.

1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.

Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at [email protected] and we’ll work to meet your needs.

Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this, your talent partner would be happy to address them with you.

Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law.

1Password uses artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications and improve our recruitment process. See here for the latest third party bias audit information. If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form. For additional information see our Candidate Privacy Notice.