Incident Response Engineer

Slack is a messaging app for teams that is on a mission to make your working life simpler, more pleasant, and more productive. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.

Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do. As a member of the Slack Incident Response Team, you are the first line of defense for all the people and parts that together make up Slack.

You get out of bed every morning thinking about new ways to make life miserable for bad actors. You get excited at the prospect of searching for your adversary, teasing out high-quality signal from the all the noise, and developing new ways to solve hard problems. Your work directly impacts the way millions of people, teams and businesses get things done.

• Detect, respond to and remediate security events
• Develop and implement strategies for detecting and remediating malicious activity
• Work in partnership with other teams at Slack to constantly improve our defensive posture
• Investigate network, host, memory, and other artifacts from multiple operating systems and applications
• Participate in enterprise-wide operations to hunt for adaptable and previously unknown threats

• Experience tuning, improving and devising new ways to collect signal and identify suspicious events in a corporate and production environment
• Broad exposure to various security disciplines
• Strong forensic experience with one or more major operating systems (Windows, OS X, or Linux)
• Intermediate knowledge of Python or similar