1Password is hiring a Principal Security Researcher

Responsibilities

• Deep Vulnerability Research: Lead original research into the most complex and high-impact vulnerability classes affecting 1Password’s products and the broader identity security ecosystem. Discover novel attack surfaces, develop advanced exploit chains, and pioneer new classes of findings that expand the industry’s understanding of risk.
• Advanced Exploit Development & Attack Research: Design and develop sophisticated threat models, attack chains, and proof-of-concept exploits that demonstrate real-world risk at the highest level of complexity. Provide authoritative technical evidence that drives prioritization and remediation across 1Password’s product portfolio.
• AI & Agentic Security Strategy: Lead research into the security implications of AI in identity systems, including prompt injection, data poisoning, adversarial attacks on AI-driven access decisions, and the systemic risks introduced by agentic architectures interacting with privileged access management (PAM); Your work will help shape 1Password’s strategic position on AI security.
• Technical Publications & Thought Leadership: Author high-quality research publications, white papers, blog posts, and technical advisories. Present findings through podcasts, webinars, and/or major security conferences that contribute to 1Password’s reputation as a thought leader in identity security.
• Standards Leadership: Represent 1Password in standards bodies such as NIST, FIDO, and MCP at a leadership level. Your work will influence the development of identity and security standards, contributing original research and technical expertise to shape the direction of emerging protocols and frameworks.
• Research Vision & Agenda: Collaborate with leadership to define and drive the long-term technical research agenda for the Security Research team. Identify the highest-impact research opportunities across application security, cryptography, identity, access governance, and AI security; Your work will set the quality standard for all research output.
• Strategic Technical Advising: Serve as a trusted technical advisor to the Director of Security Research, security leadership, and product/engineering executives. Your work will translate deep research insights into strategic recommendations that inform product roadmaps, security architecture, and wide-reaching risk decisions.
• Community & Ecosystem Leadership: Build and maintain strong relationships with the global security research community. Lead collaborative research initiatives, mentor fellow researchers through responsible disclosure programs, and represent 1Password as a constructive and trusted voice in the identity ecosystem.
• Team Elevation: Elevate the broader Product Security team through technical mentorship, rigorous research review, and knowledge sharing. Your work will reinforce cultural norms around evidence, integrity, and intellectual rigor, as well as attract top research talent.

Requirements

• 8+ years of progressive experience in security research, offensive security, or vulnerability research.
• Education: Bachelor’s degree in Computer Engineering, Computer Science, Information Security, or a related field; or equivalent practical experience. An advanced degree (MS/PhD) in a relevant discipline is highly valued.
• Industry-recognized body of work: a portfolio of original vulnerability discoveries, high-impact publications, presentations, and/or widely adopted security research.
• Expert-level offensive security experience: extensive experience in vulnerability research, exploit development, reverse engineering, and/or advanced adversarial simulation at scale.
• Broad and deep domain expertise across three or more of the following domains: application security, cryptography, access governance, identity protocols (SAML, OAuth, OIDC, SCIM, FIDO/WebAuthn), Linux system internals, Windows system internals, macOS system internals, Web application security, AI/Agentic security, or Mobile security.
• Recognized expertise in AI security, including hands-on research into prompt injection, data poisoning, adversarial ML, AI architecture review, or the security of agentic systems.
• Proven ability to define and drive research strategy: experience identifying and pursuing long-term research agendas, prioritizing across competing opportunities, and delivering high-impact results with minimal direction.
• Expert software engineering proficiency: Proficiency in three or more programming languages such as Go, Rust, Python, Ruby, JavaScript/TypeScript, or equivalent modern languages, with the ability to architect and develop tooling, audit complex codebases, and produce proof-of-concept exploits.
• Demonstrated thought leadership: A strong record of impactful publications, conference presentations, vulnerability disclosures, or community contributions that advanced security understanding across the industry.
• Integrity and ethical rigor: Consistent history of handling vulnerabilities and disclosures responsibly while engaging constructively with vendors and the research community.
• Exceptional written and verbal communication skills, with demonstrated ability to produce landmark technical publications, as well as deliver compelling presentations to both deeply technical and executive audiences.

Benefits

• Health and wellbeing 👶 Maternity and parental leave top-up programs 🩺 Competitive health benefits 🏝 Generous PTO policy Growth and future 📈 RSU program for most employees 💸 Retirement matching program 🔑 Free 1Password account Community 🤝 Paid volunteer days 🏆 Peer-to-peer recognition through Bonusly 🌎 Remote-first work environment

Additional Information

• Successful applicants will be required to complete a background check that may consist of prior employment verification, reference checks, education confirmation, criminal background, publicly available social media, credit history, or other information, as permitted by local law.