Staff Software Engineer, Product Security-Slack

Published date Posted on Indeed on Aug 03, 2022 (9 d ago)

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.

Job Category

Products and Technology

Job Details

Slack enables people around the world to communicate and collaborate together, from the world’s largest public companies to the smallest of startups. We take performance and reliability very seriously. A taste of our scale:

  • During the week, our users spend over a billion minutes a day active in our product.

  • At peak usage, a million messages a minute passed through Slack.

  • Every day we see over 15 million simultaneously connected users

  • For millions of people, Slack is their primary communication tool for working and more and they expect it to be exceptionally reliable and fast year-round.

About Us
Our Product Security team supports the following tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction, high impact security across everything we do. As a member of the Product Security team, you care about shipping secure products and protecting Slack’s users from bad actors. You are passionate about enabling our developers to deliver new features securely. You think about your job as not just identifying individual vulnerabilities but also finding effective ways to eliminate whole classes of them. Your work will directly impact the way millions of people, teams, and businesses get things done using Slack.
Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and working to be a little better every single day. In our work environment, we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, read on ahead!

What You Will Be Doing

  • Contributing security-focused feedback to engineers during all phases of the development lifecycle

  • Performing technical security assessments on our web applications, native clients, internal services, and partner applications

  • Seeking out opportunities to automate processes when appropriate

  • Scaling the impact of our team through direct mentorship of our more junior team members

  • Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns

  • Maintaining and creating secure development practices and programs for our engineering teams and external developers

  • Acting as an ambassador for security within Slack

  • Serving as a public representative for security at Slack by engaging periodically in internal and external speaking engagements

  • Supporting our FedRAMP authorized environment

What You Should Have

  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience

  • 5+ years experience in security testing of web applications and native apps

  • Deep understanding of web application architecture and design principles

  • Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers

  • Experience with manual secure code review in languages such as: JavaScript, Java, Python, Ruby, PHP

  • Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode

  • Knowledge of authentication mechanisms like SAML, OAuth, etc.

  • Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.

  • Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc) for security and quality

  • Ability to see patterns, commonalities and investigate complex issues

  • Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues

  • Experience with Amazon AWS services and familiarity with Slack products is a plus

  • Current or former security training or certifications such as SANS GWAPT or similar is a plus

  • Public speaking engagements or published research is also a plus; a successful engineer in this role will be expected to represent Slack externally from time to time

  • Though this is not primarily a development role, some background in software engineering in a collaborative and dynamic environment is a plus c ome join us!

*Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment.


*Visa sponsorship is not available for candidates living outside the country of this position.


*Pursuant to the San Francisco Fair Chance Ordinance and the Los Angeles Fair Chance Initiative for Hiring, Salesforce will consider for employment qualified applicants with arrest and conviction records.

For Colorado-based roles: Minimum annual salary of $158,000. You may also be offered a bonus, restricted stock units, and benefits.

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form .

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce.com and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce.com and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce.com and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce.com or Salesforce.org .

Salesforce welcomes all.


Let us know

Help us maintain the quality of jobs posted on RemoteTechJobs and let us know if:

Loading...
Success
Error on reporting

Related jobs

Capgemini Government Solutions Capgemini Government Solutions... |
|
Yesterday

Capgemini Government Solutions (CGS) LLC is seeking a highly motivated ServiceNow Developer to join our team to support our government clients. In this remote role, the candidate can be located anywhere in the United States. This multi-faceted opportunity.

Piper Companies Piper Companies |
|
3 d ago

Piper Companies is currently looking for a Remote JavaScript Software Engineer you will be at the center of our efforts to build and/or redesign scalable software solutions for our clients. You will design, develop, test, and debug software, and your.

SuperCare Health SuperCare Health |
Yesterday

Software Developer with DevOps ExperienceThe developer will start off with maintaining existing code bases and supporting 3rd tier help desk tickets with the aim of solving root causes throughLong term, the developer will be working on new projects as.

Propelsys Technologies Llc. Propelsys Technologies Llc.... |
Yesterday

ResponsibilitiesGIS Technical ArchitectRemoteRequired Skills:Experience- 8-12 years of experienceSkills Required- ESRI ArcGIS / QGIS, ArcFM, ASP.NET, JavascriptJob description:8+ years of experience architecting, implementing, and administrating enterprise.

About LarkLark is the world's largest A.I. healthcare provider, servicing nearly 2 million patients suffering from or at risk of chronic disease with A.I. Nurses. We are on a mission to make the world a healthier, happier place. Come join our team!The.

More jobs by this company

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsBuild the Asynchronous Services that power Slack.Slack enables.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsNote: By applying to the Backend Software Development Engineer.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsSlack enables people around the world to communicate and.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsWould you like to work on one of the most innovative products.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategorySalesJob DetailsFinancial institutions across the globe are turning to data to help them manage.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryEmployee Success GroupJob DetailsCompensation Programs, ManagerLocation: RemoteAbout Salesforce:.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsJob CategoryProducts and TechnologyJob DetailsJoin a high.

Salesforce Salesforce |
21 d ago

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsLead Network Engineer - Backbone EngineeringDescriptionAs.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsNote: By applying to the Software Full Stack Development.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsSlack is looking for a Staff Data Engineer to join the Data.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategorySalesJob DetailsAs a Strategic Account Executive, Financial Services, you will be responsible.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsSenior / Lead / Principal Distributed Systems Software Engineer.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryCustomer Success GroupJob DetailsSalesforce Professional Services is looking for multiple Technical.

To get the best candidate experience, please consider applying for a maximum of 3 roles within 12 months to ensure you are not duplicating efforts.Job CategoryProducts and TechnologyJob DetailsSlack enables people around the world to communicate and.