Product Security Engineer

Slack is a messaging app for teams that is on a mission to make your working life simpler, more pleasant, and more productive. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.

Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do. As part of the Product Security team, you care about shipping a secure product and ensuring that the way in is never through the front door. You are passionate about enabling our developers to ship secure code. You think about your job as not fixing bugs, but finding ways to completely eliminate them. Your work directly impacts the way millions of people, teams, and businesses get things done.

* Perform technical security assessments on web applications, mobile clients, and architecture designs * Efficiently scope black-box, white-box, and hybrid assessments to optimize review time and resources * Communicate risk effectively to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns for security topics * Maintain and create secure development practices and programs for our engineering teams and external developers

* Clear understanding of web application architecture and design principles * Strong written and verbal communication skills; communicates with empathy when delivering constructive feedback (eg security bugs) to other engineers * Background in software engineering and common development practices in a collaborative environment * Familiarity with common web application testing tools (Burp Suite, etc) * Ability to learn new technologies quickly and provide appropriate security advice * Knowledge of how to test code and applications across various platforms (iOS, Mac, Windows, Android, etc) for security and quality * Seeks out opportunities to automate processes when appropriate * Identifies risk in code, applications, processes, and architecture