Staff Security Engineer, DevSecOps (Corporate Security)

Staff Security Engineer, DevSecOps (Corporate Security) 1Password is growing. We’ve surpassed $400M in ARR and we’re continuing to accelerate, earning a spot on the Forbes Cloud 100 for four years in a row and teaming up with iconic partners like Oracle Red Bull Racing. About 1Password At 1Password, we’re building the foundation for a safe, productive digital future. Our mission is to unleash employee productivity without compromising security by ensuring every identity is authentic, every application sign-in is secure, and every device is trusted. We innovated the market-leading enterprise password manager and pioneered Unified Access Management, a new cybersecurity category built for the way people and AI agents work today. As one of the most loved brands in cybersecurity, we take a human-centric approach in everything from product strategy to user experience. Over 180,000 businesses, from Fortune 100 leaders to the world’s most innovative AI companies, trust 1Password to help their teams securely adopt the SaaS and AI tools they need to do their best work. If you're excited about the opportunity to contribute to the digital safety of millions, to work alongside a team of curious, driven individuals, and to solve hard problems in a fast-paced, dynamic environment, then we want to hear from you. Come join us and help shape a safer, simpler digital future. Here at 1Password we are deeply committed to customer privacy and security. The Security Team is passionate about our role in that mission and the ideal candidate for this role will share our excitement. Security isn't just a feature at 1Password, it's our foundation. The Security Operations team's mission is to protect the business by securing the systems, tools, and processes that power how we work. Our goal is to keep 1Password productive, resilient, and safe through proactive controls, thoughtful risk management, and continuous improvement. We're looking for a Staff Security Engineer to found and lead the DevSecOps function within our Corporate Security team. You'll have real ownership and latitude to shape how developer security works at 1Password. That means setting the technical vision, driving the standards and controls that engineering teams rely on, and building a well-run program that scales with the organization. This role works in close partnership with Infrastructure Security, and operates at a scope that touches every team that ships code. This role sits within Corporate Security and reports to the Manager of Corporate Security. This is a remote opportunity within Canada and the US. What we're looking for: - Minimum of 8 years of combined experience in security engineering, DevSecOps, platform security, or closely related engineering roles, with deep focus on securing developer environments, CI/CD, or software supply chains. - Deep, hands-on expertise in GitHub Enterprise security and governance, including branch protections, secret scanning, access controls, repository standards, Actions security, and audit logging at scale. - Proven ability to design and implement security controls that integrate into CI/CD pipelines without meaningfully degrading developer velocity. Experience with GitHub Actions and familiarity with how pipeline security scales across a large engineering organization. - Solid understanding of software supply chain security within developer environments, including dependency hygiene (npm, pip, and similar), token and secret management, secure package consumption practices, and SBOM generation. - Practical experience solving security challenges introduced by AI-assisted and agentic development. We are looking for evidence that you've engaged seriously with the problem: you've made real calls about how to govern AI coding tools in a production environment, defined policy and technical controls for tools like Copilot, Cursor, or Claude Code. - Comfortable making architectural decisions that span multiple teams. You set standards ... (truncated, view full listing at source)