Cybersecurity Threats Analyst

The HubSpot Threats and Vulnerabilities Team is responsible for protecting our customers by systematically reducing our attack surface and improving the maturity of our Product Security. We create this path forward by mapping out our defenses, identifying and prioritizing improvements based on threat intelligence, and testing our applications and infrastructure to find and fix weaknesses.

The team is composed of highly skilled individuals experienced in the security and development of Cloud services. This team provides support and guidance across both the Product and Security organizations at HubSpot. We are looking for experienced engineers from diverse backgrounds to augment the team's skill set and offer new perspectives on security and risk and how it relates to HubSpot's program.

In this role you will:

• Continuously measure HubSpot's application security defenses, highlighting areas of strength and weakness
• Provide security-focused recommendations based on threat intelligence and vulnerability assessments
• Participate in red team exercises to find weaknesses in HubSpot's products and tools
• Maintain knowledge of the latest vulnerabilities, exploits, and the evolving threat landscape and distill that knowledge to other groups within HubSpot
• Manage programs for bug bounty and internal and external penetration testing, ensuring vulnerabilities are identified and mitigated
• Act as an escalation point for security incidents that require the specialized knowledge of this team
• Conduct research on campaigns and actors through technical analysis of data
• Drive projects and improvements that improve HubSpot's Security and Privacy controls within the Product Organization and beyond

We are looking for people who have:

• 3 or more years' experience in application security, threat Intelligence or incident response
• Previous involvement in red teaming, adversary emulation, or penetration testing
• Experience working with at least one programming language (Java, C#, Python etc)
• Understanding of secure development practices, public cloud, and network security
• Familiarity with security monitoring tools and investigation tools such as Splunk and Kibana
• Ability to communicate information about security and risk to a diverse audience

Confidence can sometimes hold us back from applying for a job. But we'll let you in on a secret: there's no such thing as a 'perfect' candidate. HubSpot is a place where everyone can grow. So however you identify and whatever background you bring with you, please apply if this is a role that would make you excited to come into work every day.

About HubSpot

HubSpot is a leading growth platform on a mission to help millions of organizations grow better. We build the software and systems that empower businesses to transform the way they attract, engage, and delight customers. We're also building a company culture that empowers people to do their best work through our core values of flexibility, autonomy, transparency, and belonging. If that sounds like something you'd like to be part of, we'd love to hear from you.

You can find out more about our company culture in the HubSpot Culture Code, which has more than 5M views, and learn about our commitment to creating a diverse and inclusive workplace, too. Thanks to the work of every HubSpotter globally who has helped build our remarkable culture, HubSpot has been named a top workplace by Glassdoor, Fortune, Entrepreneur, and more.

Headquartered in Cambridge, Massachusetts, HubSpot was founded in 2006. Today, thousands of employees work across the globe remotely and in our offices. Visit our careers website to learn more about culture and opportunities at HubSpot.

Cash compensation range: 157600-236400 USD Annually

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot's compensation philosophy.

The cash compensation above includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot's bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot's equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are based on a few different factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons.

We know that benefits are also an important piece of your total compensation package. To learn more about what's included in total compensation, check out some of the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices isn't just about checking off the box for legal compliance. It's about living out our value of transparency with our employees, candidates, and community.

The HubSpot Threats and Vulnerabilities team is charged with protecting our customers by systematically reducing HubSpot's attack surface and improving the maturity of HubSpot's Product Security. We create this path forward by mapping out HubSpot's defenses, identifying and prioritizing improvements based on threat intelligence, and testing our applications and infrastructure to find and fix weaknesses.

The team is composed of highly skilled individuals experienced in the security and development of Cloud services. This team provides support and guidance across both the Product and Security organizations at HubSpot. We are looking for experienced engineers from diverse backgrounds to augment the team's skill set and offer new perspectives on security and risk and how it relates to HubSpot's program.

In this role you will:

• Continuously measure HubSpot's application security defenses, highlighting areas of strength and weakness
• Provide security-focused recommendations based on threat intelligence and vulnerability assessments
• Participate in red team exercises to find weaknesses in HubSpot's products and tools
• Maintain knowledge of the latest vulnerabilities, exploits, and the evolving threat landscape and distill that knowledge to other groups within HubSpot
• Manage programs for bug bounty and internal and external penetration testing, ensuring vulnerabilities are identified and mitigated
• Act as an escalation point for security incidents that require the specialized knowledge of this team
• Conduct research on campaigns and actors through technical analysis of data
• Drive projects and improvements that improve HubSpot's Security and Privacy controls within the Product Organization and beyond

We are looking for people who have:

• 3 or more years' experience in application security, threat Intelligence or incident response
• Previous involvement in red teaming, adversary emulation, or penetration testing
• Experience working with at least one programming language (Java, C#, Python etc)
• Understanding of secure development practices, public cloud, and network security
• Familiarity with security monitoring tools and investigation tools such as Splunk and Kibana
• Ability to communicate information about security and risk to a diverse audience

Confidence can sometimes hold us back from applying for a job. But we'll let you in on a secret: there's no such thing as a 'perfect' candidate. HubSpot is a place where everyone can grow. So however you identify and whatever background you bring with you, please apply if this is a role that would make you excited to come into work every day.

About HubSpot

HubSpot is a leading growth platform on a mission to help millions of organizations grow better. We build the software and systems that empower businesses to transform the way they attract, engage, and delight customers. We're also building a company culture that empowers people to do their best work through our core values of flexibility, autonomy, transparency, and belonging. If that sounds like something you'd like to be part of, we'd love to hear from you.

You can find out more about our company culture in the HubSpot Culture Code, which has more than 5M views, and learn about our commitment to creating a diverse and inclusive workplace, too. Thanks to the work of every HubSpotter globally who has helped build our remarkable culture, HubSpot has been named a top workplace by Glassdoor, Fortune, Entrepreneur, and more.

Headquartered in Cambridge, Massachusetts, HubSpot was founded in 2006. Today, thousands of employees work across the globe remotely and in our offices. Visit our careers website to learn more about culture and opportunities at HubSpot.

Cash compensation range: 157600-236400 USD Annually

This resource will help guide how we recommend thinking about the range you see. Learn more about HubSpot's compensation philosophy.

The cash compensation above includes base salary, on-target commission for employees in eligible roles, and annual bonus targets under HubSpot's bonus plan for eligible roles. In addition to cash compensation, some roles are eligible to participate in HubSpot's equity plan to receive restricted stock units (RSUs). Some roles may also be eligible for overtime pay. Individual compensation packages are based on a few different factors unique to each candidate, including their skills, experience, qualifications and other job-related reasons.

We know that benefits are also an important piece of your total compensation package. To learn more about what's included in total compensation, check out some of the benefits and perks HubSpot offers to help employees grow better.

At HubSpot, fair compensation practices isn't just about checking off the box for legal compliance. It's about living out our value of transparency with our employees, candidates, and community.

We know the confidence gap and imposter syndrome can get in the way of meeting spectacular candidates, so please don't hesitate to apply - we'd love to hear from you.

If you need accommodations or assistance due to a disability, please reach out to us using this form. This information will be treated as confidential and used only for the purpose of determining an appropriate accommodation for the interview process.

At HubSpot, we value both flexibility and connection. Whether you're a Remote employee, or work from the Office, we want you to start your journey here by building strong connections with your team and peers.

If you are joining our Engineering team in a full-time role, you will be required to attend a regional HubSpot office for in-person onboarding. If you join our broader Product team, you'll also attend other in-person events such as HubSpot's annual PEER week, your Product Group Summit, and other in-person gatherings to continue building on those connections.

If you require an accommodation due to travel limitations or other reasons, please inform your recruiter during the hiring process. We are committed to supporting candidates who may need alternative arrangements.

Germany Applicants: (m/f/d) - link to HubSpot's Career Diversity page here.

India Applicants: link to HubSpot India's equal opportunity policy here.

About HubSpot

HubSpot (NYSE: HUBS) is a leading customer relationship management (CRM) platform that provides software and support to help businesses grow better. We build marketing, sales, service, and website management products that start free and scale to meet our customers' needs at any stage of growth. We're also building a company culture that empowers people to do their best work. If that sounds like something you'd like to be part of, we'd love to hear from you.

You can find out more about our company culture in the HubSpot Culture Code, which has more than 5M views, and learn about our commitment to creating a diverse and inclusive workplace, too. Thanks to the work of every employee globally, HubSpot was named the #2 Best Place to Work on Glassdoor in 2022 and has been recognized for its award-winning culture by Great Place to Work, Comparably, Fortune, Entrepreneur, Inc., and more.

Headquartered in Cambridge, Massachusetts, HubSpot was founded in 2006. Today, thousands of employees across the globe work remotely and in HubSpot offices. Visit our careers website to learn more about the culture and opportunities at HubSpot.

By submitting your application, you agree that HubSpot may collect your personal data for recruiting, global organization planning, and related purposes. HubSpot's Privacy Notice explains what personal information we may process, where we may process your personal information, our purposes for processing your personal information, and the rights you can exercise over HubSpot's use of your personal information.

---