Principal Software Engineer, Security, Detection & Response

HubSpot

8d•$266,200 - $425,900•Hybrid

About The Position

HubSpot is looking for a talented Principal Software Engineer to shape and deliver advanced detection engineering, threat intelligence, and incident response solutions supporting our growing platform. In this pivotal org-impacting role, you will use your extensive hands-on engineering experience to influence the technical direction of our detection and response capabilities, implement best-in-class security practices, and help attain high standards for operational excellence. You’ll tackle challenging problems and partner closely with cross-functional peers, making a tangible impact on our defenses and resilience. At HubSpot, security isn’t just a checkbox—it’s woven into everything we do. By building robust detection foundations and scalable response systems, you’ll be enabling our teams and customers to grow better, together. If you’re motivated to strengthen threat detection and response for millions of organizations at scale, you’ll find this opportunity exciting!

Requirements

10-15 years of experience in software development and information security, with a focus on detection engineering, threat intelligence, and incident response.
Proven experience in designing and implementing automated detection systems and managing large-scale security logging infrastructure (e.g., Splunk, SIEM).
Expert knowledge of endpoint and network detection (EDR/SASE), and hands-on experience with tools like CrowdStrike Falcon for investigation and response.
Deep understanding of incident response methodologies and frameworks such as NIST 800-61, SANS, and the ability to lead high-severity CritSits.
Demonstrated experience in correlating diverse telemetry (identity, cloud, network) to detect post-entry behavior and contain threats quickly.
Experience managing and ingesting Indicators of Compromise (IOCs) and mapping actor techniques to standards like STIX/TAXII.
Excellent communication skills, with the ability to articulate complex threat landscapes to both technical and non-technical audiences.
Relevant industry certifications (e.g., GCIH, GCFA, CISSP, or vendor-specific EDR certifications).

Responsibilities

Play a leading role in building strong detection foundations and response frameworks to advance HubSpot’s security posture.
Act as a trusted technical leader, driving the development of automated detection systems and prioritizing mitigations based on current threats and coverage gaps.
Partner closely with engineering teams to supply data for purple team exercises and implement practical solutions that mitigate risks.
Guide architectural decisions for our corporate security logging infrastructure and SIEM.
Contribute code to security automations, review designs for detection reliability, and provide technical mentorship to engineers—championing detection-in-depth in everything we do.
Act as a key point of contact for threat intelligence and incident response expertise—ensuring that HubSpot’s products meet both internal guardrails and external customer trust needs.
Support incident response efforts by aiding in investigations, understanding bad actor behaviors, and proactively anticipating future actions.
Work closely with product managers and legal/privacy partners to ensure incident response standards like NIST and SANS are woven into our lifecycle.
Produce actionable intelligence by filtering and correlating data from indicators of compromise (IOCs) using platforms like Splunk and CrowdStrike.
Evaluate customer impact on threats and maintain relationships with industry contacts for intelligence sharing, directly contributing to a secure experience for every customer.