Principal Software Engineer, Security, Detection & Response

Responsibilities

As a Principal Software Engineer, you will play a leading role in building strong detection foundations and response frameworks to advance HubSpot's security posture. You will be a trusted technical leader, driving the development of automated detection systems and prioritizing mitigations based on current threats and coverage gaps. You will partner closely with engineering teams to supply data for purple team exercises and implement practical solutions that mitigate risks. Your deep technical knowledge will help guide architectural decisions for our corporate security logging infrastructure and SIEM. Day-to-day, you'll contribute code to security automations, review designs for detection reliability, and provide technical mentorship to engineers—championing detection-in-depth in everything we do.

You'll act as a key point of contact for threat intelligence and incident response expertise—ensuring that HubSpot's products meet both internal guardrails and external customer trust needs. You will support incident response efforts by aiding in investigations, understanding bad actor behaviors, and proactively anticipating future actions. You will work closely with product managers and legal/privacy partners to ensure incident response standards like NIST and SANS are woven into our lifecycle. You will also produce actionable intelligence by filtering and correlating data from indicators of compromise (IOCs) using platforms like Splunk and CrowdStrike.

The secure systems and practices you establish will have a real and lasting impact on upholding the integrity of the data entrusted to HubSpot. By evaluating customer impact on threats and maintaining relationships with industry contacts for intelligence sharing, you will directly contribute to a secure experience for every customer—enabling them to focus on running and growing their business with confidence.

Key Expectations

• 10-15 years of experience in software development and information security, with a focus on detection engineering, threat intelligence, and incident response.
• Proven experience in designing and implementing automated detection systems and managing large-scale security logging infrastructure (e.g., Splunk, SIEM).
• Expert knowledge of endpoint and network detection (EDR/SASE), and hands-on experience with tools like CrowdStrike Falcon for investigation and response.
• Deep understanding of incident response methodologies and frameworks such as NIST 800-61, SANS, and the ability to lead high-severity CritSits.
• Demonstrated experience in correlating diverse telemetry (identity, cloud, network) to detect post-entry behavior and contain threats quickly.
• Experience managing and ingesting Indicators of Compromise (IOCs) and mapping actor techniques to standards like STIX/TAXII.