Senior Security Engineer - Vulnerability Management and Red Team
Slack, San Francisco
Slack's cloud-based collaboration tools and services are used worldwide.
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to provide low friction, high-impact security across everything we do.
As part of the Security Vulnerability Management team, you will build and operate the critical infrastructure and processes used to monitor and evaluate Slack’s servers and workstations. You will use automation and repeatable processes to cut through the noise and enable everyone to focus their time on the important things. You care passionately about making our security infrastructure reliable, fast effective, and as frictionless as possible. Your work touches everyone at Slack and directly impacts the way millions of people, teams, and businesses get things done.
- Discover, triage and remediate vulnerabilities in the critical IT and production infrastructure used to protect the company’s most sensitive data.
- Build, maintain and manage vulnerability scanning and compliance infrastructure.
- Automate tooling and process to eliminate as much manual work as possible, implementing the latest IT security technology.
- Collaborate with the company’s operations team, and develop IT security standards and advise on best practices.
- Help improve signal detection and alerting capabilities, and recommend security enhancements to management and senior IT staff.
- Create and develop software engineering solutions to improve the company’s information security stack and production security issues.
- Develop proofs of concept to properly classify vulnerabilities on the company’s systems.
- Participate in the on-call rotation supporting the information security team’s infrastructure with approximately 1 response required per month.
- You have a Bachelor’s Degree, or equivalent experience, in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, or closely-related field
- You are familiar with installation, configuration, use and maintenance of vulnerability assessment tools such as Nessus, OpenVAS, or Nexpose
- You are familiar with exploit development & frameworks such as Metasploit
- You have three or more years of security work experience or have a background in development or operations with a strong interest in security
- You are proficient in at least one programming language, such as Python, Go, Node, PHP, Ruby, *sh, etc. and write readable, maintainable code.
- You have a solid background using Linux and *nix operating systems
- You have experience with administration of cloud services, such as AWS and / or Google Cloud
- You understand vulnerability discovery and exploit development and have used tools such as afl & gdb
- You have a solid understanding of web application architecture
- You have used configuration management tools (Ansible, Chef, Puppet, etc)
- You have experience working with git for source code management
- You have strong written and verbal communication skills
- You have written on technical topics for a technical and non-technical audience
Empathy. Courtesy. Playfulness. Craftsmanship. Solidarity — these are some of the values we live by, as a company. We work by them, too: we’re building a platform and products we believe in — knowing there is real value to be gained from helping people, wherever they are, simplify whatever it is that they do and bring more of themselves to their work.
We’re building a strong, diverse team of curious, creative people who want to find a purpose in their work and support each other in the process. We work hard and we play to win… within normal business hours. And then we go home.
That balance is important: It enables us to truly do the best work of our lives. As a result, we create a place where all kinds of work happens — and happens well — all while working alongside people we respect and admire.
Want to learn more about Slack? Visit Slack's website.
Jobs You May Like
Principal Web Architect
Magic Leap, Inc., Plantation, FL
Senior Data Engineer
Honey, Downtown Los Angeles
Senior Analytics Engineer
Wizeline, San Francisco
Software QA Engineer - (contract)
PlayStation, San Francisco, CA
Vehicle Test Engineer
Zoox, San Carlos, CA
Full Stack Software Engineer