Principal Software Engineer, Security

Описание вакансии

POS-2643

At HubSpot, security isn’t a checkbox—it’s fundamental to how we design, build, and operate our products. We’re looking for a Principal Software Engineer, Security to help define and deliver secure systems at scale: someone who writes production code, shapes architecture, and raises the bar on how security is engineered across HubSpot’s platform.

In this role, you’ll play a leading part in advancing HubSpot’s overall security posture, partnering across Product and Corporate Security to design and implement pragmatic, scalable security solutions. You’ll be a hands-on technical leader who moves comfortably between high-level strategy and deep hands-on production software development, enabling millions of customers to “Grow Better” with confidence.

If you’re motivated by protecting a large, distributed SaaS platform from emerging threats while empowering product teams to move quickly and safely, we’d love to talk.

About the team

HubSpot’s Security organization is responsible for security, privacy, and compliance across our cloud-based infrastructure and product surface area. Our mission is to provide world‑class secure platforms and guardrails that make the safest path also the easiest one for our engineers and customers.

You’ll work closely with Product, Infrastructure, Operations and Corporate Security to build defense‑in‑depth: from secure-by-default platform capabilities to resilient incident response and data protection, to a robust security program for emerging areas like AI.

Responsibilities

As a Principal Software Engineer, Security, you will:

• Lead the design and implementation of secure, scalable foundations (services, libraries, patterns, and platforms)  developing the software that other HubSpot teams build on, raising the default level of security across the company with an easy-to-use paved path.
• Act as a trusted technical leader within your org, driving the development and improvement of secure software systems and influencing architectural decisions with a security mindset.
• Partner deeply with engineering and security teams (Product, Infra, Detection & Response, Compliance, etc.) to deliver practical, hands‑on solutions that mitigate real risks without sacrificing developer velocity.
• Translate organizational priorities into concrete security outcomes by defining technical direction, setting guardrails, and aligning roadmaps so that security is baked into the SDLC by default.
• Contribute production code and conduct deep design and code reviews, especially for high‑risk or foundational components, championing secure development practices and simplicity.
• Identify and assess security risks across multiple domains (application security, infrastructure, data security, detection, identity, and more), then design and drive implementation of controls and mitigations.
• Lead or play a key role in security incidents and CritSits: helping investigate, contain, and remediate issues; driving root‑cause analysis; and turning learnings into durable improvements in our systems, tooling, and processes.
• Serve as a point of contact and subject‑matter expert for security in your area, ensuring HubSpot’s products meet internal guardrails and external customer trust, compliance, and regulatory expectations.
• Help shape our approach to securing AI and emerging technologies, building and advocating for patterns that keep data and systems safe while enabling rapid innovation.
• Mentor and uplevel other engineers: sharing context, shaping designs, modeling great technical judgment, and contributing to the growth of security expertise across Product and Security teams.

Key Expectations

We’re looking for a hands‑on security engineer and technical leader with:

• 14+ years of experience in software development and information security building and operating production systems, with depth in at least one major security domain (e.g., application/product security, data security, infrastructure/cloud security, detection & response, or identity & access management).
• Proven experience designing and implementing foundational security capabilities in a cloud‑native environment (e.g., secure services, platform guardrails, policy and enforcement layers, or standardized security libraries).
• Strong grasp of modern security principles and architectures, such as Zero Trust, least privilege, continuous verification, and defense‑in‑depth, and the ability to apply them pragmatically in a large SaaS environment.
• Hands‑on experience with at least some of the following (or demonstrated ability to ramp quickly):

• Application and product security (secure coding, threat modeling, code review, abuse and fraud prevention)
• Data security and privacy engineering (encryption, key management, data classification, access patterns)
• Cloud and infrastructure security (AWS/Azure/GCP, containerization, network segmentation, secure configuration)
• Detection & response (alerting, telemetry, incident response, forensics)
• Identity, access, and authorization systems (authN/Z, policy engines, zero trust access patterns)

• Experience driving large, cross‑team initiatives: aligning stakeholders, breaking down complex problems, and leading projects from concept through rollout and iteration.
• Demonstrated ability to mentor and develop other engineers, and to influence technical direction beyond your immediate team through reviews, proposals, and thought leadership.
• Excellent communication skills, with the ability to explain complex security concepts clearly to both technical and non‑technical audiences, and to build strong, trust‑based relationships with partner teams.
• Commitment to continuous learning and staying current with evolving security threats, technologies, and best practices.
• Working knowledge of common security, privacy, and compliance frameworks (e.g., SOC 2, ISO 27001, NIST 800‑53, GDPR) and how to design systems that help us meet them at scale.

Nice to have (but not required):

• Experience securing AI/ML systems (workflows, training data, models, agents, and deployments) and mitigating AI‑specific threats.
• Experience leading large‑scale migrations or transformations (e.g., major infrastructure changes, authN/Z migrations, or data protection programs) with careful attention to customer impact and risk.
• Relevant industry certifications (e.g., CISSP, OSCP, CEH, cloud security or architecture specialties).

How you’ll work at HubSpot

• You will remain hands‑on, directly developing software, diving into technical details, and using AI‑powered development tools (e.g., GitHub Copilot, Claude, ChatGPT) to enhance productivity and code quality.
• You’ll be expected to model our Engineering Leadership Mission and embody HubSpot’s HEART and DI&B values, helping us build inclusive systems and teams that reflect and serve our diverse customer base.

Pay & Benefits

The cash compensation below includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot’s bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot’s equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are tailored to your skills, experience, qualifications, and other job-related reasons.

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot’s compensation philosophy.

Benefits are also an important piece of your total compensation package. Explore the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices aren’t just about checking off the box for legal compliance. It’s about living out our value of transparency with our employees, candidates, and community.

Annual Cash Compensation Range:

$313,800—$502,080 USD

We know the confidence gapandimpostor syndrome can get in the way of meeting spectacular candidates, so please don’t hesitate to apply — we’d love to hear from you.

If you need accommodations or assistance due to a disability, please reach out to us using this form.

At HubSpot, we value both flexibility and connection. Whether you’re a Remote employee or work from the Office, we want you to start your journey here by building strong connections with your team and peers. If you are joining our Engineering team, you will be required to attend a regional HubSpot office for in-person onboarding. If you join our broader Product team, you’ll also attend other in-person events, such as your Product Group Summit and other gatherings, to continue building on those connections.

If you require an accommodation due to travel limitations or other reasons, please inform your recruiter during the hiring process. We are committed to supporting candidates who may need alternative arrangements

*Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.*

Germany Applicants: (m/f/d) - link to HubSpot's Career Diversity page here.

India Applicants: link to HubSpot India's equal opportunity policy here.

About HubSpot

HubSpot (NYSE: HUBS) is an AI-powered customer platform with all the software, integrations, and resources customers need to connect marketing, sales, and service. HubSpot's connected platform enables businesses to grow faster by focusing on what matters most: customers.

At HubSpot, bold is our baseline. Our employees around the globe move fast, stay customer-obsessed, and win together. Our culture is grounded in four commitments: Solve for the Customer, Be Bold, Learn Fast, Align, Adapt & Go!, and Deliver with HEART. These commitments shape how we work, lead, and grow.

We’re building a companywhere people can do their best work. We focus on brilliant work, not badge swipes. By combining clarity, ownership, and trust, we create space for big thinking and meaningful progress. And we know that when our employees grow, our customers do too.

Recognized globally for our award-winning culture by Comparably, Glassdoor, Fortune, and more, HubSpot is headquartered in Cambridge, MA, with employees and offices around the world.

Explore more:

• HubSpot Careers
• Life at HubSpot on Instagram

HubSpot may use AI to help screen or assess candidates, but all hiring decisions are always human. More information can be found here. By submitting your application, you agree that HubSpot may collect your personal data for recruiting, global organization planning, and related purposes. We may use CLEAR ID Verification during the hiring process to confirm your identity and help maintain a safe, secure, and trusted experience for all candidates. Refer to HubSpot's Recruiting Privacy Notice for details on data processing and your rights.