Senior IT Security & Systems Engineer

HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.

HackerOne Values

HackerOne is dedicated to fostering a strong and inclusive culture. HackerOne is Customer Obsessed and prioritizes customer outcomes in our decisions and actions. We Default to Disclosure by operating with transparency and integrity, ensuring trust and accountability. Employees, researchers, customers, and partners Win Together by fostering empowerment, inclusion, respect, and accountability.

Senior IT Security & Systems Engineer 

Location(s): Washington DC, Austin Tx, San Francisco, or Seattle WA

Position Summary

At HackerOne, security is at the heart of everything we do. We are looking for an IT Security Engineer to join our IT Engineering team, ensuring that our infrastructure, systems, and processes are secure, resilient, and compliant. This role is ideal for someone with a strong background in IT systems administration, SaaS application security, and security operations, who can take a hands-on approach to securing and optimizing our IT environment.

As the security point of contact within IT, you will work closely with our Security and compliance teams to ensure that our tools, infrastructure, and systems meet security and regulatory requirements. You will be responsible for collaborating cross-functionally to manage security incidents, tracking and remediating audit-related tasks, securing internal IT tools, and improving endpoint security, IAM, and SaaS security posture. Additionally, you will help automate security controls, enforce security policies, and proactively identify risks across IT-managed environments.

This role requires a blend of security engineering, IT operations, and compliance expertise. You will play a key role in securing our cloud and on-prem environments, optimizing IT security processes, and driving security best practices across the company.

At HackerOne, we embrace a Flexible Work approach, enabling our team members to work remotely while maintaining productivity and collaboration. We are seeking candidates located in Washington DC, Austin Tx, San Francisco, or Seattle WA, and the surrounding metropolitan areas, to facilitate occasional in-person interactions as needed. While the position is primarily remote, there will be periodic in-person requirements to support team collaboration and foster stronger connections. This approach ensures flexibility while providing opportunities to build meaningful in-person relationships that strengthen our team and company culture.

What You Will Do

• Develop, implement, and administer security controls for IT-managed infrastructure, SaaS applications, and endpoint security, ensuring best practices.

• Work closely with security and compliance teams to align IT tools, applications, and processes to ensure we maintain compliance and regulatory requirements (SOC 2, ISO 27001, NIST, etc.) 

• Manage and respond to IT security incidents, including investigation, remediation, and post-mortem analysis, while continuously improving response processes.

• Automate security processes, monitoring, and enforcement through scripting (Python, Bash, PowerShell) and infrastructure as code (IaC) solutions like Terraform or Workato.

• Enhance security and compliance across IT systems, including IAM, endpoint security (MDM solutions like Kandji or JAMF), and SaaS security for applications like Google Workspace, Okta, and AWS.

• Conduct security assessments, risk analysis, and audits to identify vulnerabilities, improve security posture, and ensure compliance.

• Partner with vendors and internal teams to evaluate and integrate security tools and enterprise security solutions for corporate IT.

• Support operational security responsibilities, including security reviews, consulting, and on-call support, while improving automation, playbooks, and response processes.

• This position participates in an on call rotation.

Minimum Qualifications  

• 8+ years of experience in IT security, system administration, or security engineering within a corporate IT environment.

• Experience administering IT security and access controls for SaaS applications (Google Workspace, Okta, Slack, AWS, Lumos, Monday.com, etc.).

• Familiarity with security automation and scripting (Python, Bash, PowerShell, Workato) to improve IT security processes.

• Experience with MDM solutions (Kandji or similar) for securing and managing Apple devices and endpoints.

Preferred Qualifications

• Hands-on experience securing IT systems, SaaS applications, and cloud environments (AWS, GCP, or Azure), including IAM and endpoint security.

• Experience developing and automating security controls using scripting (Python, Bash, PowerShell) and infrastructure as code (IaC) solutions like Terraform or Workato.

• Proficiency with security tools such as EDR, SIEM, vulnerability management, and identity providers (Okta, Active Directory, etc.).

• Understanding of incident response processes and IT security monitoring, including participation in an on-call rotation for critical security events.

Compensation

San Francisco

$136K – $170K • Offers Equity

Seattle, Austin, DC Area

$122K – $153K • Offers Equity

#LI-Remote

#LI-HM1

Job Benefits:

• Health (medical, vision, dental), life, and disability insurance*

• Equity stock options

• Retirement plans

• Paid public holidays and unlimited PTO

• Paid maternity and parental leave

• Leaves of absence (including caregiver leave and leave under CO's Healthy Families and Workplaces Act)

• Employee Assistance Program

• Flexible Work Stipend

*Eligibility may differ by country

We're committed to building a global team! For certain roles outside the United States, U.K., and the Netherlands, we partner with Remote.com as our Employer of Record (EOR).

Employment at HackerOne is contingent on a background check.

HackerOne is an Equal Opportunity Employer in the terms and conditions of employment for all employees and job applicants without regard to race, color, religion, sex, sexual orientation, age, gender identity or gender expression, national origin, pregnancy, disability or veteran status, or any other protected characteristic as outlined by international, federal, state, or local laws.

This policy applies to all HackerOne employment practices, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. HackerOne makes hiring decisions based solely on qualifications, merit, and business needs at the time.

For US based roles only: Pursuant to the San Francisco Fair Chance Ordinance, all qualified applicants with arrest and conviction records will be considered for the position.

Salary: ${'@type': 'MonetaryAmount', 'currency': 'USD', 'value': {'@type': 'QuantitativeValue', 'minValue': 122000, 'maxValue': 170000, 'unitText': 'YEAR'}}