Director, Security Research

Join to apply for the Director, Security Research role at 1Password 1Password is growing faster than ever. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle, Red Bull Racing and the Utah Mammoth. At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign‑in is secure, and every device is trusted. We innovated the market‑leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human‑centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work. If you’re excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast‑paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future. We’re looking for an experienced security leader to stand up a world‑class security research program with trusted technical experts, advancing both the security of 1Password’s products and the broader identity security landscape. You will define and execute a rigorous research agenda across application security, cryptography, identity, and access governance. You’ll have the opportunity to not only identify vulnerabilities but actively drive their mitigation, using your unique perspective to shape our security strategy. As a member of the Product Security function, you will partner with engineers, product teams, marketing, and security leaders to protect our customers and contribute to a safer digital future. You will establish deep partnerships with the global security research community through conference talks, technical publications, responsible disclosure, and collaborative dialogue. This is a remote opportunity within Canada and the US. What To Expect Principled Program Leadership: Design and drive a greenfield security research program focused on identifying emerging threats, new attack vectors, and innovative defensive techniques that support 1Password’s products and customers. Set a high bar for evidence, rigor, and responsibility while avoiding sensationalism and scare tactics. Vulnerability Research: Drive original research into product, application, and ecosystem‑level vulnerabilities, publishing findings responsibly where appropriate. Research classes of vulnerabilities and risks that extend beyond 1Password, improving the identity security landscape for all. Standards and Thought Leadership: Participate in and lead engagement in standards groups such as NIST, FIDO, and MCP. Advance knowledge in cryptography, identity security, and access governance. Establish thought leadership on high‑stakes topics such as AI Security, Agentic Security, and the interaction between PAM and AI. Community Engagement: Engage with the broader security community to stay ahead of evolving risks and bring insights back into product security programs. Present research at major security conferences and participate in industry forums. Technical Storytelling: Develop recognizable external presence. Produce and publish high quality technical publications, including white papers, blogs, and social media posts on high‑stakes topics that Security Leaders care about. Internal SME: Contribute research that shapes internal product direction and security strategy, informing detection capabilities, product security priorities, and decisions based on real‑world risk. Cross‑Functional Collaboration & Leadership: Partner with Product, Marketing, Engineering, and other teams by providing technical insights and evidence‑based recommendations. Mentor and develop a high‑performing security team, fostering growth and accountability. What We're Looking For 7+ years of progressive experience in security, including 5+ years leading security teams or programs at scale. Education: Bachelor’s degree in Computer Science, Information Technology, Computer Engineering, or a related field; or equivalent practical experience. Security research expertise: Proven ability to design and execute independent research programs, identify novel and subtle vulnerabilities, and publish high‑quality technical findings. Red team experience: Hands‑on background in red teaming, offensive security assessments, exploit development, or advanced adversarial simulation. Deep domain expertise across Application Security, Vulnerability Research, Cryptography, Identity, and Access Governance. AI security experience: Familiarity with prompt injection, AI‑based attacks, data poisoning, AI design architecture, and related vectors. Demonstrated thought leadership: A strong record of impactful publications, conference presentations, vulnerability disclosures, or community contributions that advanced security understanding across the industry. Integrity and ethical rigor: Consistent history of handling vulnerabilities and disclosures responsibly while engaging constructively with vendors and the research community. Exceptional communication skills, with the ability to translate complex security concepts into clear narratives for both technical and non‑technical audiences. Community visibility: Participation in the security community through public speaking, open‑source work, bug bounty engagement, standards committees, or similar avenues. Software engineering proficiency: Experience developing or auditing code in languages such as Go, Ruby on Rails, Python, shell scripting, or equivalent modern languages and frameworks. USA‑based roles only: The annual base salary for this role is between $258,000 USD and $350,000 USD, plus immediate participation in 1Password’s benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs. Canada‑based roles only: The annual base salary for this role is between $242,000 CAD and $328,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs. At 1Password, we approach each individual’s compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set. Our Culture At 1Password, we prioritize collaboration, clear and transparent communication, receptiveness to feedback, and alignment with our core values: keep it simple, lead with honesty, and put people first. You’ll be part of a team that challenges the status quo, and is excited to experiment and iterate in search of the best solution. That said, 1Password is not for everyone. Our work is demanding, we strive for excellence, and the pace is fast. We need people who are keen to take on challenging problems, who seek feedback to grow, and who are driven to make an impact. If you’re looking for a place where you can settle into a comfortable routine, this might not be the right fit for you. We’re looking for individuals who are proven experts in their fields, as well as those who are highly adaptable, can thrive in ambiguity and through change, are curious, and above all deliver results. Our Approach to Remote Work We believe in the power of remote work, but recognize that in‑person connection is important to help us achieve our mission. While we are a remote‑first company, travel for in‑person engagement is a part of almost all roles, and we require our employees to be ready and willing to take part. Frequency will depend on role and responsibilities, and may include, but is not limited to: annual department‑wide off‑sites, team meetings, and customer/industry events. What We Offer Maternity and parental leave top‑up programs