About Highspot

Highspot helps sales teams improve customer conversations and achieve their revenue goals. From content optimization and performance analytics to in-context training, guided selling, and more, the Highspot platform delivers enterprise-ready features in a modern design that sales reps and marketers love. Using Highspot, marketing leaders have deep insights and analytics into the performance and influenced revenue of content, campaigns, and marketing assets. What makes the solution special? It’s loved by sales reps globally, and is the #1 rated sales enablement platform on G2 Crowd. 

We are committed to diversity as both a moral and business imperative. 

About the Role

Are you a leader in software security looking to make a difference in an exciting, hyper-growth startup? If you are ready to take on your next challenge, Highspot is an exceptional place to apply your skills and continue to grow.

Highspot is building its Engineering team at a breakneck speed due to customer demand, strong revenue, and exceptional funding. Keeping up with customer growth and demand while maintaining and developing trust through data security and privacy is the charter of the engineering team at Highspot. Our Security team is leading the way to ensure we meet both of these demands.

As a Principal Security Engineer, you will have your hands in all aspects of the Product Security Team, both internally and externally. You will help guide the training, tooling, guidance, detection, and assessment programs on the security team. You will likely take the lead on one or more of these programs to shape and mold into a world class strategy. 

Our security team will not only establish best-in-class internal support for our engineering team, but will also be a leader in the security industry. We are solving problems that many other companies struggle with; we want to give back to the industry through research, development, and open collaboration. The widespread impact you’ll have on our organization and the industry as a whole cannot be overstated.

Highspot is an organization built on trust and respect. You will have the responsibility, authority, and support to improve Highspot’s security every day.

What You'll Do

• Architect Secure Solutions - Our security team partners with over a dozen teams as they develop new features and respond to security needs. Your deep well of technical expertise will help them architect solutions that are resilient to today’s attacks and tomorrow’s.
• Identify New Challenges - A key aspect of this role is that you are an expert and a leader. We want your input on setting the direction of our team and helping to create a better security program. Use your experience to set the best course possible.
• Attack and Defend - You will lead in-depth architecture, code, and application reviews to hunt vulnerabilities that slip by the bounty hunters and external security consultants we work with. You will work with each team to address the issue quickly and thoroughly.
• Increase Trust - Developing a successful security program is all about trust and respect. Every chance we get, we will gain consensus and find mutually beneficial solutions.
• Build our team - Our team is growing and we want your help to build the best possible security team with the best possible culture.

Your Background

• A cornerstone of Highspot’s culture is respect and inclusion, please take the following list as a guideline, not a set of strict requirements. Reach out if you feel you could be a good match. We have Security Engineer roles at all levels!
• 6+ years of security experience
• Led major projects to successful completion
• Learned much from failed projects
• Collaborated across multiple teams on complex delivery
• Comprehensive understanding of all common application flaws, including how they happen, root cause, how to find them and different strategies to remediate
• Able to perform code, architecture, and application reviews
• Demonstrated capability to find multiple kinds of vulnerabilities in web, mobile, cloud and more
• Comprehensive understanding of root causes of vulnerabilities, with ability to understand and identify new kinds of vulnerabilities
• Familiar with SAST, DAST, Fuzzing, and other tools and automation to make you more effective as well as their limitations
• You are passionate about security and are up to date on both attacks and best practices for remediation

This position is available either in-office or remote, as applicable, at the following locations:

• Arizona - Remote 
• Arkansas - Remote
• California - Remote 
• Connecticut - Remote 
• Florida - Remote 
• Georgia - Remote 
• Idaho - Remote 
• Illinois - Remote 
• Maryland - Remote 
• Massachusetts - Remote 
• Michigan - Remote
• Minnesota - Remote 
• Missouri - Remote 
• New Hampshire - Remote
• New Jersey - Remote 
• New York - Remote 
• North Carolina - Remote 
• Ohio - Remote 
• Oregon - Remote 
• Pennsylvania - Remote 
• Texas - Remote 
• Utah - Remote 
• Virginia - Remote 
• Washington - Remote 
• Washington - Seattle
• Wisconsin - Remote
• #BI-Remote

Benefits

Comprehensive medical, dental, and vision benefits

401(k) Matching

Paid parental leave 

Flexible work and vacation schedules

Discounted ClassPass membership

2 volunteer days per year

Transportation benefits

Competitive compensation and stock options

Fully-stocked kitchen

Annual company-wide events

Meaningfully contribute to a compelling vision!

Equal Opportunity Statement

We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of age, ancestry, citizenship, color, ethnicity, family or medical care leave, gender identity or expression, genetic information, marital status, medical condition, national origin, physical or invisible disability status, political affiliation, veteran status, race, religion, or sexual orientation.

Read through the requirements as a checklist and haven't ticked every box? Don't rule yourself out just yet. So if this role resonates with you, hit that apply button!