Our Product Security team supports the following tenet of Slack’s mission: to make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction high-impact security across everything we do. As a member of the Product Security team you care about shipping secure products and ensuring that the way in for the bad guys is never through the front door. You are passionate in developing secure-by-default libraries and building new security services. Your work will directly impact the way millions of people, teams, and businesses get things done using Slack.
What You Will Be Doing
- Developing secure libraries, tools, and services to prevent classes of risk and vulnerabilities.
- Assessing existing codebases for widespread, systemic or structural security issues and partnering with engineering teams to address them.
- Architectural review of important technical specifications and design proposals.
- Contributing feedback to engineers during all phases of the development lifecycle.
- Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns.
- Seeking out opportunities to automate processes when appropriate.
- Partnering with Product Security leads and other product engineering technical leaders to identify intrinsic product weaknesses, build component-specific security roadmaps to address them, and assist with the execution of those roadmaps.
- Mentoring Product Security engineers to be more effective, impactful, and reach their goals.
What You Should Have
- Bachelor’s degree in Computer Science, Engineering or a related field, or equivalent training, fellowship, or work experience.
- 5+ years experience in software development in languages such as: Java, Python, PHP, Go.
- Deep understanding of web application architecture and design principles.
- Knowledge of internet security issues in software design and code.
- Experience in writing understandable, testable, secure code with an eye towards maintainability.
- Several years of professional experience ensuring privacy and security of web applications is a plus.
- Background in software engineering and common development practices in a collaborative and dynamic environment.
- Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
- Experience with Amazon AWS services and familiarity with Slack products is a plus.
Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment.
Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Slack will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.