Senior Security Engineer, Incident Response

1Password is growing faster than ever. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing and the Utah Mammoth.

About 1Password

At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work.

If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future.

At 1Password, security isn’t just a feature – it’s our foundation. The Security Operations team’s mission is to protect the business by securing the systems, tools, and processes that power how we work. Our mission is to keep 1Password productive, resilient, and safe through proactive monitoring, rapid response, and continuous improvement of preventative and detective controls.

As a Senior Security Engineer on the Incident Response team, you will lead complex security investigations while also building the systems and automation that make response faster, more reliable, and more scalable.

This role blends deep investigative expertise, hands-on engineering, and structured incident coordination. You will drive incidents end-to-end, build automation and workflows that reduce response friction, and contribute to a culture of learning and psychological safety during high-pressure situations.

This is a high-impact role with meaningful ownership across both incident execution and operational engineering.

This role reports to the Manager of Security Incident Response.

What You’ll Do

• Lead and execute security incidents end-to-end, from initial signal through containment, recovery, and post-incident review

• Assess severity, declare incidents, and drive structured coordination and decision-making during active response

• Perform hands-on investigations and threat hunting to determine root cause, attacker behavior, scope, and impact

• Design and build automation to reduce triage, investigation, and response time

• Develop scalable systems and workflows that improve incident response and incident management

• Identify recurring pain points and detection/response gaps, and implement durable engineering solutions

• Improve incident response playbooks, case management, and orchestration tooling

• Apply AI-assisted tooling to enhance triage, enrichment, and investigative workflows while maintaining accuracy

Who You Are

• An experienced incident lead who can independently drive complex investigations and coordinate diverse stakeholders.

• A builder who enjoys improving systems, automation, and workflows – not just responding to alerts.

• Calm and decisive under pressure, with strong judgment in ambiguous or high-severity situations.

• Structured and organized, with strong project management skills to own complex projects

• A clear communicator who can translate technical findings into actionable guidance for both technical and non-technical audiences.

• A collaborative teammate who values blameless learning and psychological safety

What You Bring

• 5+ years of experience in security incident response roles, with 3+ years focused on security engineering and automation.

• Proven experience leading complex security incidents in cloud-native or SaaS environments.

• Experience building automation or internal tooling to improve security operations.

• Proficiency in scripting or programming (e.g., Python, Go, Bash) and working with APIs or orchestration platforms.

• Familiarity with applying AI/ML-assisted workflows to operational security use cases.

• Strong understanding of modern attacker techniques and incident response methodologies.

• Strong written and verbal communication skills, including executive-facing summaries.

You belong here.

1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love.

Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at [email protected] and we’ll work to meet your needs.

Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this, your talent partner would be happy to address them with you.

Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law.

1Password uses artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications and improve our recruitment process. See here for the latest third party bias audit information. If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form. For additional information see our Candidate Privacy Notice.