Slack is hiring a

Staff Software Engineer, Security / Red Team

San Francisco, United States

Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low-friction, high-impact security across everything we do.

As a member of the Slack Security Operations team, you are a driving force in testing and validation of our detection capabilities across Slack. This role provides actionable thought leadership across our Cyber Defense (Red, Blue, Purple teams) and Threat Management across Slack infrastructure. Slack supports a multi-faceted intrusion detection framework and works to test our capabilities through internal and external red/purple team exercises to identify and remediate vulnerabilities before they can be exploited. Your work directly impacts the security of the company and our customers around the world. 

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?

What you will be doing

  • Lead Slack’s Red Team program and help support Slack’s overall vulnerability management efforts.
  • Coordinate, scope, and lead regular red / purple team engagements, both internally and externally sourced, while keeping exercises constructive and results driven. 
  • Establish goals and track related metrics for vulnerabilities, including vulnerability discovery, classification and resolution time objectives.
  • Document penetration testing results and remediation efforts for status reports for internal and external customers.
  • Identify and recommend mitigation process, policy and infra improvements in high-risk areas.
  • Partner with other Security and Engineering pillars in the ongoing development of more secure development and operational practices.

What you should have

  • 7+ years of experience working in a combination of software development, intrusion detection, and vulnerability management roles. 
  • Experience using Open Source penetration testing tools, including Metasploit or the Kali Linux tool set. 
  • Knowledge of open security testing standards and projects, including OWASP and the MITRE ATT&CK Matrix.
  • You have a strong dedication to code quality, automation and operational excellence: unit/integration/data quality tests, scripts, workflows.
  • You possess expertise in high-level programming languages (e.g. Go, Java/Scala, Python).
  • You can lead technical architecture discussions and help drive technical decisions within your team.
  • You are a strong communicator (both verbal and written). Explaining complex technical concepts to designers, support, and other engineers is no problem for you.
  • You have a Bachelor's degree in Computer Science, Engineering or a related field, or equivalent training, fellowship, or work experience.

Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment. Visa sponsorship may not be available in certain remote locations.

Visa sponsorship is not available for candidates living outside the country of this position.

Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Slack will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.