[Hiring] Head of Application Security @n8n

Role Description

Your main goal will be to define and raise n8n’s security posture so we can scale product innovation, support enterprise growth, and help engineering teams ship securely by default. To do so, you’ll build the foundations, systems, and team that make security a practical and trusted part of how we operate:

• Security strategy and ownership:
  • Define what “secure” means for n8n across product, platform, and customer-facing security commitments.
  • Set the security roadmap, clarify priorities, and drive pragmatic decisions on the highest-impact risks.
  • Act as the company’s central security leader, bringing visibility, direction, and accountability across engineering and leadership.
• Security enablement for engineering:
  • Build the tooling, guardrails, and workflows that help engineering teams ship secure code without unnecessary friction.
  • Embed security into the SDLC through pragmatic reviews, standards, automation, and developer education.
  • Partner with teams across product and engineering to ensure security is considered early in architecture, infrastructure, and delivery decisions.
• Vulnerability management, incidents, and trust:
  • Own vulnerability management operations, including intake, triage, disclosure, bug bounty coordination, and remediation follow-through.
  • Lead incident readiness and response by creating playbooks, running exercises, and coordinating investigations when needed.
  • Drive Trust & Safety enablement by improving how we handle abuse risk, AI-related threat vectors, and platform misuse.
• Team building and enterprise readiness:
  • Build and lead n8n’s security function over time, including hiring and shaping the team based on evolving business needs.
  • Support enterprise growth through strong security questionnaire responses, customer conversations, and clear evidence of our practices.
  • Establish scalable ways of working with Engineering, IT, Legal, and leadership so security responsibilities are clear and effective.

Qualifications

• Security leadership experience: Significant experience leading security in a SaaS, cloud, or product-led technology environment, with ownership beyond isolated technical tasks.
• Hands-on product and platform security depth: Strong practical experience in application security, cloud or platform security, vulnerability management, and secure engineering practices.
• Pragmatic risk judgment: Ability to define priorities, make trade-offs, and focus teams on the security work that matters most.
• Cross-functional influence: Able to work credibly with engineers, engineering leadership, and non-technical stakeholders to drive action on security topics.
• Builder mindset: Experience operating in ambiguity and creating structure, standards, and momentum where little existed previously.
• Clear communication: Ability to explain security risks, decisions, and expectations clearly to both technical and non-technical audiences, including customers when needed.
• Security enablement approach: View security as an enabler of product velocity and know how to build guardrails, tooling, and workflows that teams will actually adopt.
• Incident and vulnerability ownership: Experience leading or coordinating vulnerability disclosure, remediation, and incident response processes in practice.
• Resilience under pressure: Stay calm, credible, and effective when dealing with external pressure, urgent incidents, customer escalations, or high-stakes security discussions.
• Executive maturity and judgment: Comfortable representing security externally and internally, balancing urgency, transparency, and sound decision-making in sensitive situations.

Requirements

• Enterprise SaaS experience: Helped mature security in a company selling into larger enterprise customers with increasing security review expectations.
• AI and abuse-risk exposure: Experience thinking through security implications of AI-enabled products, agentic systems, or platform misuse and abuse cases.
• DevSecOps and automation expertise: Built or improved security automation across CI/CD, developer workflows, or internal security platforms.
• Open-source or developer-tooling background: Understanding of the security challenges and trade-offs that come with technical products, communities, or open-source-adjacent environments.
• Team scaling experience: Hired or grown security teams and can assess what capabilities and team shape are needed over time.
• Customer trust and compliance support: Partnered on security questionnaires, audits, or enterprise-facing trust work without treating compliance as the end goal.

Benefits

• Competitive compensation: Fair and attractive pay.
• Ownership: Get a slice of n8n with equity.
• Work/life balance:
  • Europe: 30 days of vacation, plus public holidays.
  • US: 20 vacation days, 8 sick days, plus public holidays.
• Health & wellness:
  • Europe: Benefits according to local country norms.
  • US: Multiple low-premium, low-deductible medical plans with coverage for individuals and families, plus dental and vision coverage.
• Future planning:
  • Europe: Pension contributions according to local country norms.
  • US: 401(k) retirement plan with a 4% employer match.
• Financial security:
  • Europe: Benefits according to local country norms.
  • US: Company-paid short-term and long-term disability insurance, plus life insurance.
• Career growth: €1K (or equivalent) per year to spend on courses, books, events, or coaching.
• A passionate team: Regular hackathons to build cool things.
• Remote-first: Team works remotely across Europe, with regular off-sites for team bonding.
• Giving back: $100 per month to support open source projects.
• AI enablement: Unlimited AI budget to explore and use the best tools.
• Transparency: Everyone knows what everyone’s working on and how the company is doing.
• An ambitious but kind culture: eNPS for 2024 is 94!