Description
About Slack Product Security:
Our Product Security Team supports the following tenet of Slack’s mission: make people’s working lives more secure. We’re serious about building a simple-to-use yet secure product, and most importantly, protecting our customers’ data. We take a systematic approach to security and strive to provide low-friction, high-impact security across everything we do. As a member of the Product Security team, you care about shipping secure products and ensuring the way in for the bad actors is never through the front door (or the back)! You are passionate about enabling our developers to ship secure products. You think of your team's work not as fixing bugs but as developing effective ways to prevent them. Your work will directly impact the way millions of people, teams, and businesses get things done using Slack.
Slack has a positive, diverse, and supportive culture—we look for people who are inquisitive, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking, and, above all, collaborative. If this sounds like a good fit for you, read on ahead!
Overview
Slack’s Product Security Foundations (PSF) group is a dedicated software engineering team within Product Security focused on streamlining the process of secure development, ensuring it is user-friendly for all engineers. A critical aspect of this is creating standardized methods, libraries, tools, and services for engineers across Slack. Join an existing, high-performance, thoughtful team and help make the secure choice the easy one for all of the engineers at Slack! Examples of work this team owns include authorization frameworks that support Slack APIs, core authentication libraries, and safe image and attachment processing, in addition to other secure-by-default libraries.
What you will be doing
Unique opportunity to shape the team’s technical stack and product usage
Partner with Engineering and Technical Program Managers to create technical roadmaps. You will work to accomplish the team’s mission.
Lead the architecture, design, and implementation of Authentication, Authorization, and Cryptography at Slack.
Lead, mentor, and guide team members through the software development and operation lifecycles
Partner with people leader stakeholders to help influence change and promote cross-functional communication
Mentor and grow other engineers by providing thoughtful feedback during all phases of the development lifecycle
Communicate risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
Serve as a public representative for security at Slack by engaging in internal and external speaking engagements
Take an active role in driving security initiatives at Slack
Seek out opportunities to automate processes when appropriate
What you should have
5+ years of industry experience in software development
Strong expertise in software engineering best practices
Experience coding in a variety of programming languages
Experience with Amazon Elastic Compute Cloud Resources
A passion for improving security, systems, and processes
Experience in a technical leadership role leading project teams and setting technical direction across team boundaries
Experience designing, operating, and delivering internal and third party security services at scale
Ability to see the big picture and build out concise, comprehensive, yet realistic project plans
Experience working in a complex, matrixed organization involving cross-functional projects
Ability to balance short-term engineering tradeoffs with long-term investments
A track record of mentoring team members
Strong written and verbal communication skills, with high attention to detail
Ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
Knowledge of common security vulnerabilities as published by OWASP, SANS, etc.
Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc.) for security weaknesses and quality
Bonus: Experience with containerized applications and their deployment, experience with secure software development, contributions to the security community (published research, blogging, public speaking, open source projects)