About Hightouch
Hightouch is the modern AI platform for marketing and growth teams. Our AI agents reimagine marketing workflows, allowing marketers to create content, plan campaigns, and execute strategies with transformational velocity and performance.
Hightouch is a rare company built on the intersection of two fundamental technological shifts: advances in LLMs and agentic AI, and the creation and rapid adoption of cloud data warehouses like Snowflake and Databricks. Building on these tailwinds, we’ve become a leader in AI marketing and partner with industry leaders like Domino’s, Chime, Spotify, Ramp, Whoop, Grammarly, and over 1000 others.
Our team focuses on making a meaningful impact for our customers. We approach challenges with first-principles thinking, move quickly and efficiently, and treat each other with compassion and kindness. We look for team members who are strong communicators, have a growth mindset, and are motivated and persistent in achieving our goals.
About the Role
This is our first dedicated security hire, and it's a rare chance to define the function from the ground up. You'll own Hightouch's application security posture end-to-end. We have strong engineering fundamentals and a solid foundation; now you'll shape what security looks like here as we scale from 70 to 140+ engineers.
This is a hands-on, high-autonomy role. You'll spend most of your time in the codebase, not in meetings. You’ll be solving hard problems at the intersection of security and distributed systems:
- Multi-tenant isolation on a system running ~1M data syncs per day and ingesting 100K+ events/sec
- Sub-tenant access control - for multi-team and multi-brand use cases, requiring differentiated access to configuration and data
- Security architecture - Build and refine our frameworks for compute isolation and perform threat modeling and hardening of new products
- Internet-facing APIs - Our high-throughput, internet-facing architecture services customer data at scale. You’ll improve our rate limiting, abuse detection, and granularity of access control
- Multi-Region and Multi-Cloud - Supporting our multi-region and multi-cloud backend, including extending it to launch Hightouch on in new regions to support data residency requirements of our global customer base
You'll own your roadmap. We're not looking for someone to run a checklist — we're looking for someone who can look at our architecture, identify the highest-leverage problems, and go fix them.
About You
You’ve been an early security hire at a SaaS company before and moved the needle on how they approach security. You can read application code, threat model a distributed system, and ship production fixes. You have significant distributed systems expertise so that you can understand and influence what is being built by the product teams and influence from a place of trust.
Experience that's relevant:
- Being an early security hire (first 1-3) at a SaaS or data infrastructure company
- Securing multi-tenant platforms: tenant isolation, authorization models, etc
- Cloud security on systems that span more than one cloud and operate against customer-owned accounts
- Design and build of data infrastructure as an early engineer, not just a user. You helped secure it from early design or during major redesigns. You understand how it scales and how it’s secured
- Privacy-adjacent security (PII handling, data residency, GDPR/CCPA technical controls)
We don't care about certifications. We care about what you've built.
Interview Process
- Recruiter Screen [30m] - Introductory mutual fit assessment
- Security Architecture Interview [60m] - Threat model discussion of a real-ish system, followed by a systems design exercise
- Core interview [90m] - deep dive on distributed systems knowledge
- Hiring Manager Interview [60m] - What you've built in the past, how you work
- Security Program Interview [60m] with Head of Engineering — How you've run security programs in practice: bug bounty, pentest engagements, working with external researchers, and partnering across engineering to drive adoption.
E-Verify Statement
_Hightouch participates in E-Verify. We will provide the Social Security Administration, and if necessary, the Department of Homeland Security, with information from each new employee’s Form I-9 to confirm work authorization. Please note that we do not use this information to pre-screen job applicants. __ __E-Verify Notice__ __E-Verify Notice (Spanish)__ __Right to Work Notice__ __Right to Work Notice (Spanish)_