Principal Security Researcher at 1password

1Password is growing faster than ever. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing and the Utah Mammoth. About 1Password At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Extended Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work. If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future. We’re building a world-class security research program to advance both the security of 1Password’s products and the broader identity security landscape. We’re looking for a Principal Security Researcher to serve as the most senior individual contributor on this greenfield team, setting the quality bar for all research output. In this role, you will collaborate with the Director of Security Research to define research agendas that address the most critical and complex challenges in identity security. You’ll lead investigations into novel attack surfaces, collaborate with engineers to architect innovative defensive techniques, and produce landmark research that shapes how the industry thinks about identity, authentication, and access security. Your work will have an outsized impact both within 1Password and across the security ecosystem. As a member of the Product Security function, you will operate as a strategic technical leader, partnering with the Director of Security Research, engineering leadership, product teams, and company executives. You’ll serve as a visible ambassador for 1Password through high-impact publications, standards leadership, and deep engagement with the global security research community. This is a remote opportunity within Canada and the US. Key responsibilities: - Deep Vulnerability Research: Lead original research into the most complex and high-impact vulnerability classes affecting 1Password’s products and the broader identity security ecosystem. Discover novel attack surfaces, develop advanced exploit chains, and pioneer new classes of findings that expand the industry’s understanding of risk. - Advanced Exploit Development & Attack Research: Design and develop sophisticated threat models, attack chains, and proof-of-concept exploits that demonstrate real-world risk at the highest level of complexity. Provide authoritative technical evidence that drives prioritization and remediation across 1Password’s product portfolio. - AI & Agentic Security Strategy: Lead research into the security implications of AI in identity systems, including prompt injection, data poisoning, adversarial attacks on AI-driven access decisions, and the systemic risks introduced by agentic architectures interacting with privileged access management (PAM); Your work will help shape 1Password’s strategic position on AI security. - Technical Publications & Thought Leadership: Author high-quality research publications, white papers, blog posts, and technical advisories. Present findings through podcasts, webinars, and/or major security conferences that contribute to 1Password’s reputation as a thought leader in identity security. - Standards Leadership: Represent 1Password in standards bodies such as NIST, FIDO, and MCP at a leadership level. Your work will influence the development of identity and security standards, contributing original research and technical expertise to shape the direction of emerging protocols and frameworks. - Research Vision & Agenda: Collaborate with leadership to define and drive the long-term technical research agenda for the Security Research team. Identify the highest-impact research opportunities across application security, cryptography, identity, access governance, and AI security; Your work will set the quality standard for all research output. - Strategic Technical Advising: Serve as a trusted technical advisor to the Director of Security Research, security leadership, and product/engineering executives. Your work will translate deep research insights into strategic recommendations that inform product roadmaps, security architecture, and wide-reaching risk decisions. - Community & Ecosystem Leadership: Build and maintain strong relationships with the global security research community. Lead collaborative research initiatives, mentor fellow researchers through responsible disclosure programs, and represent 1Password as a constructive and trusted voice in the identity ecosystem. - Team Elevation: Elevate the broader Product Security team through technical mentorship, rigorous research review, and knowledge sharing. Your work will reinforce cultural norms around evidence, integrity, and intellectual rigor, as well as attract top research talent. Qualifications: - 8+ years of progressive experience in security research, offensive security, or vulnerability research. - Education: Bachelor’s degree in Computer Engineering, Computer Science, Information Security, or a related field; or equivalent practical experience. An advanced degree (MS/PhD) in a relevant discipline is highly valued. - Industry-recognized body of work: a portfolio of original vulnerability discoveries, high-impact publications, presentations, and/or widely adopted security research. - Expert-level offensive security experience: extensive experience in vulnerability research, exploit development, reverse engineering, and/or advanced adversarial simulation at scale. - Broad and deep domain expertise across three or more of the following domains: application security, cryptography, access governance, identity protocols (SAML, OAuth, OIDC, SCIM, FIDO/WebAuthn), Linux system internals, Windows system internals, macOS system internals, Web application security, AI/Agentic security, or Mobile security. - Recognized expertise in AI security, including hands-on research into prompt injection, data poisoning, adversarial ML, AI architecture review, or the security of agentic systems. - Proven ability to define and drive research strategy: experience identifying and pursuing long-term research agendas, prioritizing across competing opportunities, and delivering high-impact results with minimal direction. - Expert software engineering proficiency: Proficiency in three or more programming languages such as Go, Rust, Python, Ruby, JavaScript/TypeScript, or equivalent modern languages, with the ability to architect and develop tooling, audit complex codebases, and produce proof-of-concept exploits. - Demonstrated thought leadership: A strong record of impactful publications, conference presentations, vulnerability disclosures, or community contributions that advanced security understanding across the industry. - Integrity and ethical rigor: Consistent history of handling vulnerabilities and disclosures responsibly while engaging constructively with vendors and the research community. - Exceptional written and verbal communication skills, with demonstrated ability to produce landmark technical publications, as well as deliver compelling presentations to both deeply technical and executive audiences. USA-based roles only: The annual base salary for this role is between $246,000 USD and $369,000 USD, plus immediate participation in 1Password's benefits program (health, dental, 401k and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs. Canada-based roles only: The annual base salary for this role is between $228,000 CAD and $342,000 CAD, plus immediate participation in 1Password’s generous benefits program (health, dental, RRSP and many others), utilization of our generous paid time off, an equity grant and, where applicable, participation in our incentive programs. At 1Password, we approach each individual's compensation with a promise of fair market value and internal equity commensurate with experience and specific skill set. This posting is for an existing vacancy. Our culture At 1Password, we prioritize collaboration, clear and transparent communication, receptiveness to feedback, and alignment with our core values: keep it simple, lead with honesty, and put people first. You’ll be part of a team that challenges the status quo, and is excited to experiment and iterate in search of the best solution. That said, 1Password is not for everyone [Upgrade to PRO to see link] Our work is demanding, we strive for excellence, and the pace is fast. We need people who are keen to take on challenging problems, who seek feedback to grow, and who are driven to make an impact. If you're looking for a place where you can settle into a comfortable routine, this might not be the right fit for you. We’re looking for individuals who are proven experts in their fields, as well as those who are highly adaptable, can thrive in ambiguity and through change, are curious, and above all deliver results. How we work with AI We are committed to leveraging cutting-edge technology—including AI—to achieve our mission. We also understand that thinking critically about AI in its current forms will help us create better solutions for our customers and ourselves with its future forms, which will help us continue to close the gap between security and privacy and achieve our mission. We want team members at all levels to take the approach of actively learning AI best practices, identifying opportunities to apply AI in meaningful ways, and driving innovative solutions in their daily work. Embracing the future of AI isn't just encouraged—it's an essential part of how we will be successful at 1Password. This approach extends to our hiring process—candidates are welcome to use AI tools responsibly and thoughtfully during the application process. Our approach to remote work We believe in the power of remote work, but recognize that in-person connection is important to help us achieve our mission. While we are a remote-first company, travel for in-person engagement is a part of almost all roles, and we require our employees to be ready and willing to take part. Frequency will depend on role and responsibilities, and may include, but is not limited to: annual department-wide offsites, team meetings, and customer/industry events. What we offer We believe in working hard, and rewarding that hard work through our benefits. While not an exhaustive list, here is a glance at what we currently offer: Health and wellbeing 👶 Maternity and parental leave top-up programs 🩺 Competitive health benefits 🏝 Generous PTO policy Growth and future 📈 RSU program for most employees 💸 Retirement matching program 🔑 Free 1Password account Community 🤝 Paid volunteer days 🏆 Peer-to-peer recognition through Bonusly 🌎 Remote-first work environment *Some roles in our GTM team are currently being hired for in-person hybrid work in Toronto and Austin. These roles will specify on the posting. You belong here. 1Password is proud to be an equal opportunity employer. We are committed to fostering an inclusive, diverse and equitable workplace that is built on trust, support and respect. We welcome all individuals and do not discriminate on the basis of gender identity and expression, race, ethnicity, disability, sexual orientation, colour, religion, creed, gender, national origin, age, marital status, pregnancy, sex, citizenship, education, languages spoken or veteran status. Be yourself, find your people and share the things you love. Accommodation is available upon request at any point during our recruitment process. If you require an accommodation, please speak to your talent acquisition partner or email us at [Upgrade to PRO to see contact] and we’ll work to meet your needs. Remote work is a part of our DNA. Given that our company was founded remotely in 2005, we can safely say we're experts at building remote culture. That said, remote work at 1Password does mean working from your home country. If you've got questions or concerns about this, your talent partner would be happy to address them with you. Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law. 1Password uses artificial intelligence (AI) and machine learning (ML) technologies, including natural language processing and predictive analytics, to assist in the initial screening of employment applications and improve our recruitment process. See here [Upgrade to PRO to see link] for the latest third party bias audit information. If you prefer not to have your application assessed using AI/ML features, you may opt out by completing this form [Upgrade to PRO to see link] For additional information see our Candidate Privacy Notice [Upgrade to PRO to see link]