Senior Security Engineer | Bitwarden This page is displayed in , but your browser is set to . Would you like to switch to the version? Switch to Stay in Products Password Manager Individuals Millions of users choose Bitwarden to protect themselves and their families Families Business Countless businesses and enterprises choose Bitwarden to secure their interests Enterprise Developer Products Explore Secrets Manager End-to-end encrypted secrets management for development, DevOps, and IT teams. Passwordless.dev and Passkeys Unlock passkey features and more with just a few lines of code Developer Documentation Explore More Integrations Partners New Access Intelligence New Bitwarden Authenticator Pricing Downloads Features Personal Plans Top Features Integrated TOTP Emergency Access Secure Sharing with Send Email Alias Integration Cross-platform with Unlimited Devices Business Plans Top Features Access Intelligence Directory Integration SSO Integration Self-hosting Bitwarden Enterprise Policies Account Recovery Top Tools Password Generator Password Strength Tester Passphrase Generator Username Generator Explore all tools and features Resources Resource Library Resource Center Blog Events Success Stories Comparison Security & Trust Security Compliance Open Source Bug Bounty Program Open Source Security Summit Bitwarden Security Whitepaper Training Help Center Courses Community Forum Enterprise Services Search Get Started Free Talk to Sales Log In Products Password Manager Individuals Millions of users choose Bitwarden to protect themselves and their families Families Business Countless businesses and enterprises choose Bitwarden to secure their interests Enterprise Developer Products Explore Secrets Manager End-to-end encrypted secrets management for development, DevOps, and IT teams. Passwordless.dev and Passkeys Unlock passkey features and more with just a few lines of code Developer Documentation Explore More Integrations Partners New Access Intelligence New Bitwarden Authenticator Pricing Downloads Features Personal Plans Top Features Integrated TOTP Emergency Access Secure Sharing with Send Email Alias Integration Cross-platform with Unlimited Devices Business Plans Top Features Access Intelligence Directory Integration SSO Integration Self-hosting Bitwarden Enterprise Policies Account Recovery Top Tools Password Generator Password Strength Tester Passphrase Generator Username Generator Explore all tools and features Resources Resource Library Resource Center Blog Events Success Stories Comparison Security & Trust Security Compliance Open Source Bug Bounty Program Open Source Security Summit Bitwarden Security Whitepaper Training Help Center Courses Community Forum Enterprise Services Get Started Free Get Started Free Talk to Sales Talk to Sales Log In Log In Back to Careers Senior Security Engineer at Bitwarden in Engineering Remote, U.S. Bitwarden empowers enterprises, developers, and individuals to securely store and share sensitive data. With a transparent, open-source approach to password management, secrets management, and passwordless and passkey innovations, Bitwarden makes it easy for users to extend robust security practices across all online activities. Founded in 2016 with headquarters in Santa Barbara, California, Bitwarden is supported by a passionate global community of security experts and enthusiasts. As a Senior Security Engineer at Bitwarden, you will be responsible for conducting purple team testing, including threat research and analysis, penetration testing, code audits, security validation testing, and cryptography reviews against Bitwarden’s products and services. In addition, you will be part of the security findings response team, and assist with external inquiry and report response, investigation, and triage. Additional
responsibilities include assisting with remediation of any security issues that are identified during internal or external testing and assessments while working alongside our engineering and security operations team members to ensure Bitwarden platform and services are secure and resilient. We’re looking for someone who is a self-starter with highly technical skills overlapping offensive and defensive capabilities. The right candidate will have experience using security and vulnerability management tools and solutions to detect and prevent cyber-related vulnerabilities in the company's services and networks as well as to any mobile and Internet-facing applications, systems and environments. This is an all-remote team and we are looking for someone located in the U.S. We do not offer visa sponsorship at this time.
RESPONSIBILITIES Research emerging threats across the surface web, dark web, and deep web Build threat models, conduct threat hunts, and plan and execute purple team engagements Coordinate internal red team testing operations that emulate a threat actor Collaborate with application development teams, platform engineers, and Security Operations Center (SOC) engineers to improve our offensive and defensive security controls Contribute to vulnerability testing and analysis as well as incident response and analysis Include testing for web, mobile, CLI, and desktop application security issues across our multi-product portfolio, including Bitwarden Password Manager, Secrets Manager, and Passwordless.dev, our APIs, serverless functions, and database Participate in code reviews, learning and spreading technical knowledge about security posture Contribute to resolutions for security-related issues Coordinate technical validation and leadership review of purple team reports detailing testing results and potential areas of improvement Conduct internal penetration tests on systems and networks to determine realistic threat vectors Manage software tools for code scanning, vulnerability identification, and finding reporting Effectively communicate findings, attack paths, and recommendations to stakeholders Train others on the adversary simulation tactics and procedures used Stay informed on current security trends, publications, and advisories Assist to provide guidance and subject matter expertise as it pertains to all areas of security and technical operations, including analysis of our cloud environments, security testing and documentation, as well as investigations, software research, new technology, services and tools research, and vendor security analysis WHAT YOU BRING TO BITWARDEN Experience with Penetration Testing Tools, such as Burp Suite, NMAP, Nessus, Metasploit, Kali Linux, SQLMap, Owasp ZAP, and manual testing tools In-depth knowledge of leading vulnerability management tools and strategies In-depth understanding and usage of application security testing technologies is a plus Understanding of authentication concepts, including OpenIDConnect, SAML, OAuth, and SSO flows Strong working knowledge of vulnerability management tools, data and network security technologies Collaborative and adaptable mindset Openness and authenticity combined with excellent communication skills Excitement and enthusiasm for open source and for better internet security Excellent problem-solving skills – you might not know all the answers, but you know how to find and communicate the solution Ability to maintain discretion, handle sensitive information, and maintain security best-practices Security purple team technocrat at heart, staying current with trends and new technologies NICE-TO-HAVES User of Bitwarden Experience with C# and TypeScript, the core two languages used to build the Bitwarden platform Experience in the SecOps world and ability to apply security best practices across the organization Experience working in cloud-focused environments WHAT TO EXPECT IN THE INTERVIEW PROCESS Selected candidates will be invited to schedule an introduction call and potentially progress through the following stages: Interview with Principal Architect Interview with lead engineers Interview with CTO Reference calls Successful candidates will be asked to authorize and complete a background check. We do not discriminate based on having a criminal record, and we encourage candidates to be open with us about anything that may come up on the report, so we can discuss in advance and determine impact on
the role and company. A FEW REASONS TO WORK WITH US Our user community loves us and we love them. Come to work each day with a sense of purpose as we bring a more secure internet experience to everyone––from our friends and family to the world’s largest organizations. Become an expert in a growing market. You’ll get immersed in the prominent technology markets of security and open source software. Learn and grow professionally. Embrace the opportunity to build up your demand generation and product-led growth expertise in a fast-growing startup. We are dedicated to building a diverse and talented team. Work remotely with motivated and supportive team members across the world. In the United States, the starting base
compensation range for this role is $140,000 - $180,000. Actual
compensation may vary based on level, relevant experience, and skill set as assessed in the interview process, as well as market data by location. See our careers page for a list of
