Sr Product Security Engineer
Sr Product Security Engineer | Remote | Europe
Location: Berlin Office; Albania; Austria; Belgium; Bosnia; Bulgaria; Croatia; Czech Republic; Denmark; Estonia; Finland; France; Germany; Greece; Hungary; Ireland; Italy; Kosovo; Latvia; Lithuania; Moldova; Montenegro; Netherlands; Norway; Poland; Portugal; Romania; Serbia; Slovakia; Slovenia; Spain; Sweden; United Kingdom
Employment Type: Full time
Location Type: Remote
Department: Engineering
Overview
[Employer hidden] is the open workflow orchestration platform built for the new era of AI. We give technical teams the freedom of code with the speed of no-code, so they can automate faster, smarter, and without limits. Backed by a fiercely inventive community and 500+ builder-approved integrations, we’re changing the way people bring systems together and scale ideas for impact.
Since our founding in 2019, we’ve grown into a diverse team of over 220 - working across Europe and the US, connected by a shared builder spirit and with our centre of gravity in Berlin. Along the way, we’ve:
- Cultivated a community of more than 650,000 active developers and builders
- Earned 145k+ GitHub stars, making us one of the world’s Top 40 most popular projects
- Been ranked as one of Europe’s most promising privately held SaaS startups (4th in Sifted’s 2025 B2B SaaS Rising 100)
- Raised $240m to date, from Sequoia’s first German seed to our recent $180m Series C - bringing us to a $2.5bn valuation
That’s the company we’ve built. Now we’d love to see what you can build. If you’re applying, try [Employer hidden] out - whether you’re technical or not - and share a screenshot of your first workflow with us. The easiest place to start is here: app.[Employer hidden].cloud/register.
Your Main Goal
Your main goal will be to strengthen [Employer hidden]’s product and platform security by driving hands-on security work that helps engineering teams reduce risk, ship securely, and build a growing security practice from an early stage.
To do so, you’ll partner closely with the Head of Security in a 50+ person engineering department to run key security workflows, improve security across the SDLC, and help lay the foundations of a small but growing security team:
- Vulnerability management and disclosure - Own day-to-day vulnerability intake and triage workflows, including the security inbox and bug bounty submissions. Coordinate remediation with engineering teams and help track issues through to resolution with clear priorities and follow-through. Support coordinated disclosures, GitHub Security Advisories, and researcher communication in a timely and structured way.
- Security tooling and technical assessments - Operate and improve security tooling across the SDLC, including scanning, alert triage, and workflow tuning. Run practical security assessments such as targeted reviews, validation of findings, and remediation tracking from internal or external testing. Help improve visibility into product and platform risk through actionable findings, documentation, and technical recommendations.
- Secure product development support - Partner with engineers to embed security into design, development, and release processes in pragmatic ways. Support threat modeling, secure coding guidance, and lightweight security reviews across product and platform areas. Create clear, useful documentation that helps teams understand risks and apply secure development practices.
- Security operations and team foundations - Support the coordination of security incidents by helping with investigation, tracking, communication, and follow-up actions. Contribute to playbooks, runbooks, and internal processes that improve security readiness over time. Help shape how the security function works in practice as the team grows, together with the Head of Security and future hires.
Requirements
- Product security experience: You have 5+ years of experience in product security, application security, or a closely related security engineering role in a SaaS or cloud environment.
- Vulnerability management skills: You have hands-on experience triaging, validating, and coordinating remediation for security findings.
- Web application security knowledge: You have a strong understanding of common web vulnerabilities and secure development principles.
- Security tooling experience: You’ve worked with security tooling such as SAST, DAST, dependency scanning, container scanning, or similar technologies in practice.
- Engineering partnership: You work well with product and engineering teams and know how to support them without becoming a blocker.
- ✍️ Clear communication: You can document findings, explain risks, and communicate clearly with both technical and non-technical stakeholders.
- ⚡ Pragmatic execution: You’re able to prioritize well, focus on the most meaningful risks, and make progress in fast-moving environments.
- Builder mindset: You’re excited by the idea of joining a newly forming security team and helping shape how the function grows over time.
Nice-to-haves
- ☁️ Cloud and platform security exposure
- JavaScript / TypeScript familiarity
- DevSecOps mindset
- Threat modeling experience
- Researcher or bug bounty exposure
- High-growth or open-source context
Why join us?
At [Employer hidden], you’ll join security at an early and exciting stage. You’ll work closely with the Head of Security to help build the foundations of a growing security function, shape how security works across engineering in practice, and tackle meaningful product security challenges in a platform that sits close to customers’ most critical systems and workflows. You’ll have visible impact, real ownership, and the opportunity to help grow the team over time in a remote-first environment that values autonomy, pragmatism, and collaboration.
Benefits
- Competitive compensation – We offer fair and attractive pay.
- Ownership – Our core value is to “empower others,” and we mean it—you’ll get a slice of [Employer hidden] with equity.
- Work/life balance – We work hard but ensure you have time to recharge: Europe: 30 days of vacation, plus public holidays; US: 20 vacation days, 8 sick days, plus public holidays.
- Health & wellness – Benefits per local country norms (Europe) or low-premium medical plans (US).
- Future planning – Pension contributions (Europe) or 401(k) with 4% match (US).
- Financial security – Disability and life insurance (US).
- Career growth – €1K per year for learning.
- A passionate team – Hackathons and product love.
- Remote-first – Remote across Europe, with off-sites.
- Giving back – $100 per month to support open source.
- AI enablement – Unlimited AI budget.
- Transparency – Open culture.
- An ambitious but kind culture – High eNPS.
[Employer hidden] is an equal opportunity employer and does not discriminate. We can sponsor visas to Germany; for any other country, you need to have existing right to work. Our company language is English.