Principal Software Engineer, Security

At HubSpot, security isn’t a checkbox—it’s fundamental to how we design, build, and operate our products. We’re looking for a Principal Software Engineer, Security to help define and deliver secure systems at scale: someone who writes production code, shapes architecture, and raises the bar on how security is engineered across HubSpot’s platform.

In this role, you’ll play a leading part in advancing HubSpot’s overall security posture, partnering across Product and Corporate Security to design and implement pragmatic, scalable security solutions. You’ll be a hands-on technical leader who moves comfortably between high-level strategy and deep hands-on production software development, enabling millions of customers to “Grow Better” with confidence.

If you’re motivated by protecting a large, distributed SaaS platform from emerging threats while empowering product teams to move quickly and safely, we’d love to talk.

About the team

HubSpot’s Security organization is responsible for security, privacy, and compliance across our cloud-based infrastructure and product surface area. Our mission is to provide world‐class secure platforms and guardrails that make the safest path also the easiest one for our engineers and customers.

You’ll work closely with Product, Infrastructure, Operations and Corporate Security to build defense‐in‐depth: from secure-by-default platform capabilities to resilient incident response and data protection, to a robust security program for emerging areas like AI.

Responsibilities

As a Principal Software Engineer, Security, you will:

• Lead the design and implementation of secure, scalable foundations (services, libraries, patterns, and platforms) developing the software that other HubSpot teams build on, raising the default level of security across the company with an easy-to-use paved path.
• Act as a trusted technical leader within your org, driving the development and improvement of secure software systems and influencing architectural decisions with a security mindset.
• Partner deeply with engineering and security teams (Product, Infra, Detection & Response, Compliance, etc.) to deliver practical, hands‐on solutions that mitigate real risks without sacrificing developer velocity.
• Translate organizational priorities into concrete security outcomes by defining technical direction, setting guardrails, and aligning roadmaps so that security is baked into the SDLC by default.
• Contribute production code and conduct deep design and code reviews, especially for high‐risk or foundational components, championing secure development practices and simplicity.
• Identify and assess security risks across multiple domains (application security, infrastructure, data security, detection, identity, and more), then design and drive implementation of controls and mitigations.
• Lead or play a key role in security incidents and CritSits: helping investigate, contain, and remediate issues; driving root‐cause analysis; and turning learnings into durable improvements in our systems, tooling, and processes.
• Serve as a point of contact and subject‐matter expert for security in your area, ensuring HubSpot’s products meet internal guardrails and external customer trust, compliance, and regulatory expectations.
• Help shape our approach to securing AI and emerging technologies, building and advocating for patterns that keep data and systems safe while enabling rapid innovation.
• Mentor and uplevel other engineers: sharing context, shaping designs, modeling great technical judgment, and contributing to the growth of security expertise across Product and Security teams.

Key Expectations

We’re looking for a hands‐on security engineer and technical leader with:

• 14+ years of experience in software development and information security building and operating production systems, with depth in at least one major security domain (e.g., application/product security, data security, infrastructure/cloud security, detection & response, or identity & access management).
• Proven experience designing and implementing foundational security capabilities in a cloud‐native environment (e.g., secure services, platform guardrails, policy and enforcement layers, or standardized security libraries).
• Strong grasp of modern security principles and architectures, such as Zero Trust, least privilege, continuous verification, and defense‐in‐depth, and the ability to apply them pragmatically in a large SaaS environment.
• Hands‐on experience with at least some of the following (or demonstrated ability to ramp quickly):
• Application and product security (secure coding, threat modeling, code review, abuse and fraud prevention)
• Data security and privacy engineering (encryption, key management, data classification, access patterns)
• Cloud and infrastructure security (AWS/Azure/GCP, containerization, network segmentation, secure configuration)
• Detection & response (alerting, telemetry, incident response, forensics)
• Identity, access, and authorization systems (authN/Z, policy engines, zero trust access patterns)
• Experience driving large, cross‐team initiatives: aligning stakeholders, breaking down complex problems, and leading projects from concept through rollout and iteration.
• Demonstrated ability to mentor and develop other engineers, and to influence technical direction beyond your immediate team through reviews, proposals, and thought leadership.
• Excellent communication skills, with the ability to explain complex security concepts clearly to both technical and non‐technical audiences, and to build strong, trust‐based relationships with partner teams.
• Commitment to continuous learning and staying current with evolving security threats, technologies, and best practices.
• Working knowledge of common security, privacy, and compliance frameworks (e.g., SOC 2, ISO 27001, NIST 800‐53, GDPR) and how to design systems that help us meet them at scale.

Nice to have (but not required):

• Experience securing AI/ML systems (workflows, training data, models, agents, and deployments) and mitigating AI‐specific threats.
• Experience leading large‐scale migrations or transformations (e.g., major infrastructure changes, authN/Z migrations, or data protection programs) with careful attention to customer impact and risk.
• Relevant industry certifications (e.g., CISSP, OSCP, CEH, cloud security or architecture specialties).

How you’ll work at HubSpot

• You will remain hands‐on, directly developing software, diving into technical details, and using AI‐powered development tools (e.g., GitHub Copilot, Claude, ChatGPT) to enhance productivity and code quality.
• You’ll be expected to model our Engineering Leadership Mission and embody HubSpot’s HEART and DI&B values, helping us build inclusive systems and teams that reflect and serve our diverse customer base.