Head of Security
The AI orchestration of your wildest imagination.
n8n is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code, so they can automate faster, smarter, and without limits. Backed by a fiercely inventive community and 500+ builder-approved integrations, we're changing the way people bring systems together and scale ideas for impact.
Since our founding in 2019, we've grown into a diverse team of over 260 - working across Europe and the US, connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way, we've:
- Cultivated a community of more than 650,000 active developers and builders
- Earned 190K+ GitHub stars, making us one of the world's Top 40 most popular projects
- Backed by top investors, from Sequoia's first German seed to SAP's recent strategic investment - bringing us to a $5.2bn valuation
That's the company we've built. Now we'd love to see what you can build. If you're applying, try n8n out - whether you're technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: http://app.n8n.cloud/register.
We're in a defining moment of an incredible journey. Come and build with us.
Your main goal will be to define and raise n8n's security posture so we can scale product innovation, support enterprise growth, and help engineering teams ship securely by default.
To do so, you'll build the foundations, systems, and team that make security a practical and trusted part of how we operate:
SECURITY STRATEGY AND FULL-SPECTRUM OWNERSHIP
- Own the entire security function at n8n - product security, cloud/platform security, GRC, vulnerability management, and internal security - with full accountability across all of these areas.
- Define what "secure" means for n8n and set a roadmap that addresses our highest-impact risks across product, platform, and compliance.
- Act as the company's central security leader: bring visibility, direction, and clear ownership where security responsibilities have historically been fragmented.
- Drive pragmatic risk decisions that balance product velocity with protection - you understand the trade-offs and can make calls that the business can actually act on.
PRODUCT AND PLATFORM SECURITY
- Lead hands-on security work across n8n's product surface: our workflow engine, 500+ integrations, cloud offering, and self-hosted deployments.
- Own the security implications of n8n being a source-available product - proactively identify and address the risks that come with a public codebase and a highly technical, security-aware user community.
- Embed security into the SDLC through threat modelling, secure design reviews, code review standards, and automated tooling - reducing friction for engineers while raising the baseline.
- Define and implement a cloud security posture that covers infrastructure hardening, secrets management, access controls, and detection.
- Partner with engineering and product teams early in architecture and infrastructure decisions, before security concerns become expensive to fix.
- Build or improve DevSecOps pipelines and automation across CI/CD workflows, so security checks are part of how code ships by default.
SECURITY GRC AND ENTERPRISE TRUST
- Own security-specific governance, risk, and compliance - distinct from broader corporate compliance, which sits elsewhere in the business.
- Maintain and expand n8n's security certifications (currently SOC 2) and assess the roadmap for additional frameworks relevant to product and customer security (e.g. ISO 27001, pen test programmes, cloud security benchmarks).
- Build the security controls, policies, and technical documentation that give auditors and enterprise customers confidence in our practices.
- Own the security review process for enterprise deals: security questionnaires, customer-facing assessments, and trust-related conversations as n8n scales upmarket.
- Maintain a security-specific risk register and ongoing risk management process - tracking and prioritising the company's security exposure over time.
- Collaborate with Legal on areas of overlap (e.g. data breach response, GDPR-adjacent security controls) without duplicating what they already own.
VULNERABILITY MANAGEMENT, INCIDENTS, AND TRUST
- Own the full vulnerability management lifecycle: intake, triage, prioritisation, remediation tracking, external disclosure coordination, and bug bounty programme management.
- Lead incident readiness and response - create playbooks, run tabletop exercises, and act as the lead coordinator when incidents occur.
- Drive Trust & Safety by improving how we address abuse risk, agentic AI threat vectors, and platform misuse - areas that are growing in complexity as n8n expands its AI capabilities.
- Act as the public-facing security contact for the community and for security researchers reporting issues.
SECURITY ENABLEMENT FOR ENGINEERING
- Build the tooling, guardrails, and developer-facing workflows that help engineering teams ship securely without slowing them down.
- Create scalable security education and awareness so that security thinking becomes embedded in how engineers work, not just reviewed at the end.
- Define clear security standards and own their adoption across engineering - from secure coding guidelines to infrastructure defaults.
TEAM BUILDING AND SECURITY OPERATIONS
- Build and lead n8n's security function over time - you'll start with a small team and shape it based on evolving needs, with an initial target of building toward a team of ~4.
- Define what capabilities the team needs (e.g. AppSec, cloud security, GRC) and hire accordingly.
- Establish clear ways of working across Engineering, IT, Legal, and Leadership so security ownership is unambiguous and effective at scale.
REQUIREMENTS
MUST-HAVES
- Security leadership experience: Significant experience leading security in a product-led, SaaS, or cloud-native environment - with accountability across multiple security domains, not just a single technical area.
- Hands-on product and platform security depth: Strong practical experience in application security, cloud infrastructure security, vulnerability management, and secure engineering practices - you're still close enough to the work to review code, dig into architecture, and make technical calls.
- Security GRC ownership experience: You've owned security-specific compliance programmes (SOC 2, ISO 27001, or similar) and security risk management - you understand where security GRC ends and broader corporate compliance begins, and can operate effectively at that boundary.
- Pragmatic risk judgment: You know how to define priorities, make trade-offs, and focus teams on the security work that actually matters.
- Cross-functional influence: You work credibly with engineers, engineering leadership, and non-technical stakeholders to drive action - without relying on authority.
- Builder mindset: You've operated in ambiguity and know how to create structure, standards, and momentum where little existed previously.
- Incident and vulnerability ownership: Hands-on experience leading vulnerability disclosure, remediation coordination, and incident response - including external communication under pressure.
- Open-source or developer-tooling background: You understand the security challenges specific to technical products with public codebases, active security researcher communities, and highly capable end users.
- Clear communication: You explain security risks and decisions clearly to both technical and non-technical audiences, including customers and leadership.
- Resilience under pressure: You stay calm and effective during incidents, escalations, or high-stakes external security conversations.
NICE-TO-HAVES
- Enterprise SaaS experience: You've helped mature security in a company selling into larger enterprise customers with increasing security review expectations.
- AI and abuse-risk exposure: You have experience thinking through security implications of AI-enabled products, agentic systems, or platform misuse and abuse cases.
- DevSecOps and automation expertise: You've built or improved security automation across CI/CD, developer workflows, or internal security platforms.
- Team scaling experience: You've hired or grown security teams and can assess what capabilities and team shape are needed over time.
- Customer trust and compliance support: You've partnered on security questionnaires, audits, or enterprise-facing trust work without treating compliance as the end goal.
n8n is an equal opportunity employer and does not discriminate on the basis of race, religion, colour, national origin, gender, sexual orientation, gender identity, age, marital status, veteran status, or disability status.
We can sponsor visas to Germany; for any other country, you need to have existing right to work.
Our company language is English.
You care about diversity and inclusion? We do too! Check out our Diversity, Inclusion and Belonging initiatives at n8n: https://www.notion.so/n8n/Diversity-inclusion-and-belonging-n8n-c1bec2fff536422d868b1a438d990e35
Location disclaimer: If you see multiple job postings for the same role, it is most likely because we're hiring remotely for this role and posting in different locations to make sure every potential candidate can see the role. Please apply to the location you're the most likely to work from in the future.
BENEFITS
- Competitive compensation - We offer fair and attractive pay.
- Ownership - Our core value is to "empower others," and we mean it: you'll get a slice of n8n with equity.
- Work/life balance - We work hard but ensure you have time to recharge:
  - Europe: 30 days of vacation, plus public holidays wherever you are.
  - US: 20 vacation days, 8 sick days, plus public holidays wherever you are.
- Health & wellness:
  - Europe: We provide benefits according to local country norms.*
  - US: Multiple low-premium, low-deductible medical plans with coverage for individuals and families, plus a no-cost premium HDHP option with a pre-seeded HSA, along with dental and vision coverage.
- Future planning:
  - Europe: We provide pension contributions according to local country norms.*
  - US: 401(k) retirement plan with a 4% employer match.
- Financial security:
  - Europe: We provide benefits according to local country norms.*
  - US: Company-paid short-term and long-term disability insurance, plus life insurance to support you and your loved ones.
- Career growth - We hire rising stars who grow with us! You'll get €1K (or equivalent) per year to spend on courses, books, events, or coaching to level up your skills.
- A passionate team - We love our product, and we prove it with regular hackathons where we see who can build the coolest thing with it!
- Remote-first - Our team works remotely across Europe, with regular off-sites for team bonding. Some roles, like sales in the US, are hybrid; please check the job description.
- Giving back - We're big fans of open source, and you'll get $100 per month to support projects you care about.
- AI enablement - We believe in working smarter; everyone gets an unlimited AI budget to explore and use the best tools to boost productivity and creativity.
- Transparency - We all know what everyone's working on, how the company is doing, the whole shebang.
* Country-specific details are provided in your contract.