Principal Software Engineer, Security

About The Position

Requirements

• 14+ years of experience in software development and information security building and operating production systems, with depth in at least one major security domain (e.g., application/product security, data security, infrastructure/cloud security, detection & response, or identity & access management).
• Proven experience designing and implementing foundational security capabilities in a cloud‑native environment (e.g., secure services, platform guardrails, policy and enforcement layers, or standardized security libraries).
• Strong grasp of modern security principles and architectures, such as Zero Trust, least privilege, continuous verification, and defense‑in‑depth, and the ability to apply them pragmatically in a large SaaS environment.
• Hands‑on experience with at least some of the following (or demonstrated ability to ramp quickly): Application and product security (secure coding, threat modeling, code review, abuse and fraud prevention) Data security and privacy engineering (encryption, key management, data classification, access patterns) Cloud and infrastructure security (AWS/Azure/GCP, containerization, network segmentation, secure configuration) Detection & response (alerting, telemetry, incident response, forensics) Identity, access, and authorization systems (authN/Z, policy engines, zero trust access patterns)
• Experience driving large, cross‑team initiatives: aligning stakeholders, breaking down complex problems, and leading projects from concept through rollout and iteration.
• Demonstrated ability to mentor and develop other engineers, and to influence technical direction beyond your immediate team through reviews, proposals, and thought leadership.
• Excellent communication skills, with the ability to explain complex security concepts clearly to both technical and non‑technical audiences, and to build strong, trust‑based relationships with partner teams.
• Commitment to continuous learning and staying current with evolving security threats, technologies, and best practices.
• Working knowledge of common security, privacy, and compliance frameworks (e.g., SOC 2, ISO 27001, NIST 800‑53, GDPR) and how to design systems that help us meet them at scale.

Nice To Haves

• Experience securing AI/ML systems (workflows, training data, models, agents, and deployments) and mitigating AI‑specific threats.
• Experience leading large‑scale migrations or transformations (e.g., major infrastructure changes, authN/Z migrations, or data protection programs) with careful attention to customer impact and risk.
• Relevant industry certifications (e.g., CISSP, OSCP, CEH, cloud security or architecture specialties).

Responsibilities

• Lead the design and implementation of secure, scalable foundations (services, libraries, patterns, and platforms) developing the software that other HubSpot teams build on, raising the default level of security across the company with an easy-to-use paved path.
• Act as a trusted technical leader within your org, driving the development and improvement of secure software systems and influencing architectural decisions with a security mindset.
• Partner deeply with engineering and security teams (Product, Infra, Detection & Response, Compliance, etc.) to deliver practical, hands‑on solutions that mitigate real risks without sacrificing developer velocity.
• Translate organizational priorities into concrete security outcomes by defining technical direction, setting guardrails, and aligning roadmaps so that security is baked into the SDLC by default.
• Contribute production code and conduct deep design and code reviews, especially for high‑risk or foundational components, championing secure development practices and simplicity.
• Identify and assess security risks across multiple domains (application security, infrastructure, data security, detection, identity, and more), then design and drive implementation of controls and mitigations.
• Lead or play a key role in security incidents and CritSits: helping investigate, contain, and remediate issues; driving root‑cause analysis; and turning learnings into durable improvements in our systems, tooling, and processes.
• Serve as a point of contact and subject‑matter expert for security in your area, ensuring HubSpot’s products meet internal guardrails and external customer trust, compliance, and regulatory expectations.
• Help shape our approach to securing AI and emerging technologies, building and advocating for patterns that keep data and systems safe while enabling rapid innovation.
• Mentor and uplevel other engineers: sharing context, shaping designs, modeling great technical judgment, and contributing to the growth of security expertise across Product and Security teams.