Distinguished Software Engineer (Security)

Location: Remote - USA

Department: Engineering

About the Role

At HubSpot, we power the way companies grow through our industry-leading CRM platform and inbound marketing solutions, helping businesses attract visitors, convert leads, and close customers in a customer-first way. As a Distinguished Software Engineer (Security) in our Engineering team, you'll be a pivotal leader in safeguarding this ecosystem for millions of users worldwide. You'll architect cutting-edge security solutions that enable our flywheel of growth while embedding security into every aspect of our product development, from marketing automation to sales pipelines. In our vibrant, growth-oriented culture, you'll thrive by collaborating with brilliant minds who value humility, empathy, adaptability, remarkable, and transparency (HEART). Your role will involve leading the design of scalable security architectures tailored to our multi-tenant SaaS environment, conducting advanced threat modeling for inbound marketing features, and championing secure SDLC practices across our engineering pods. You'll mentor senior engineers, influence cross-functional teams including product and customer success, and drive initiatives that protect customer data while fueling HubSpot's mission to help companies grow better. Expect to tackle complex challenges like zero-trust implementations, AI-driven threat detection, and compliance for global scale, all while contributing to a culture that celebrates innovation and customer obsession. We're looking for a seasoned security expert with a passion for growth-stage tech and a track record of delivering impact in high-stakes environments. Join us to shape the future of secure CRM innovation, where your work directly empowers businesses to achieve remarkable results. HubSpot is committed to creating an inclusive environment and we encourage applications from diverse backgrounds.

Key Responsibilities

• Architect and implement security systems to protect HubSpot's CRM and inbound marketing platform serving millions of users
• Lead threat modeling and risk assessments for new features in our growth-focused product suite
• Drive adoption of secure coding practices across engineering teams in our high-velocity culture
• Collaborate with product managers to embed security into inbound marketing and sales tools
• Mentor senior engineers on advanced security topics like encryption, identity management, and API security
• Respond to and investigate security incidents, ensuring minimal impact on customer growth journeys
• Partner with compliance teams to maintain SOC 2 Type II, GDPR, and other certifications
• Innovate on zero-trust architectures tailored to HubSpot's cloud-native, multi-tenant environment
• Contribute to open-source security tools that align with HubSpot's HEART culture of humility, empathy, and transparency
• Influence company-wide security strategy to support our flywheel of customer success and revenue growth
• Conduct security reviews and penetration testing for inbound methodology integrations

Required Qualifications

• 15+ years of software engineering experience, with at least 8 years in security engineering or related fields
• Deep expertise in designing and implementing security architectures for cloud-native SaaS platforms
• Proven track record of leading security initiatives in high-growth environments, ideally in CRM or marketing technology
• Bachelor's or Master's degree in Computer Science, Engineering, or equivalent practical experience
• Experience with compliance frameworks such as SOC 2, GDPR, and ISO 27001 in enterprise SaaS contexts
• Strong understanding of threat modeling, secure SDLC, and zero-trust security principles
• History of mentoring engineering teams and driving security culture in fast-paced organizations
• Ability to collaborate cross-functionally with product, sales, and customer success teams

Preferred Qualifications

• Experience securing CRM platforms or inbound marketing tools like HubSpot
• Familiarity with HubSpot's tech stack including AWS, Go, React, and Python
• Contributions to open-source security projects or publications in security conferences
• Prior leadership in incident response for large-scale SaaS outages
• Knowledge of AI/ML security in marketing automation systems
• MBA or advanced business degree with focus on growth-stage companies

Required Skills

• Expertise in cloud security (AWS, GCP, or Azure)
• Proficiency in secure coding in Go, Python, or Java
• Deep knowledge of OAuth, SAML, and identity federation
• Experience with SIEM tools like Splunk or ELK stack
• Threat modeling and attack simulation (e.g., STRIDE, MITRE ATT&CK)
• Container security (Docker, Kubernetes)
• Encryption standards (TLS, AES, PKI)
• API security and rate limiting for high-traffic SaaS
• Incident response and forensics
• Cross-functional collaboration and influence without authority
• Strategic thinking for growth-stage challenges
• Communication of complex security concepts to non-technical stakeholders
• Adaptability in a fast-paced, inbound marketing environment
• Leadership and mentorship
• Problem-solving under pressure
• Familiarity with CRM data privacy requirements

Benefits

• Unlimited PTO and flexible work from home policy to support work-life harmony
• Comprehensive health, dental, and vision insurance with low employee premiums
• 401(k) match and employee stock purchase plan for long-term wealth building
• Quarterly profit sharing tied to company growth and performance
• Fully-paid parental leave (16 weeks) and family planning benefits
• Learning stipend and tuition reimbursement for continuous professional development
• HubSpot swag, culture events, and volunteer time off to embody our growth culture
• Home office setup allowance and wellness reimbursement
• Global employee assistance program for mental health support

HubSpot is an equal opportunity employer.