Security Automation Engineer
Slack is looking for a skilled Security Automation Engineer with extensive software automation experience to join our Platform Security team. Our Platform Security team enables Slack to deliver secure products at scale while continuing to move fast in delivering new features and innovation to our customers. Automation is a key catalyst in helping us create secure code at speed and scale. In this role we have an incredible opportunity to move security feedback closer than ever to the developer and preventing bugs from being released into production.
This is an excellent position for developers who enjoy working on test frameworks, test infrastructure, automation code , and automation tools. In this position, you will be responsible for the end-to-end cycle of security testing automation, including, but not limited to, crafting a strategy, writing a plan, crafting and executing tests, finding regressions, logging and verifying bugs, and creating comprehensive historical records of testing activities. Your work will directly impact the way millions of people, teams, and businesses get things done using Slack.
- Being a leader and advocate for security testing automation
- Establishing and communicating test automation strategies and processes
- Evaluating and implementing security test automation tools and tooling standards
- Being able and willing to perform hands-on automation coding / scripting and execution tasks
- Building and customizing automation frameworks to increase reuse and reduce effort
- Keeping security testing automation framework current, flexible and designed to work within a continuous integration framework in a fast moving environment
- Mentoring and assisting developers with robust unit / component, commit/build and deploy / CI-CD test automation and standard methodologies
- Work with cross-functional teams to build, own, and deliver test plans for testing security of both new and existing features and functionality
- Designing and executing regression tests on an ongoing basis
- Isolating and reproducing security defects across all parts of the ecosystem
- Triaging and logging issues in our bug tracking tool
- Working with engineers and platform security to identify and address gaps in security testing coverage
- Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
- 3+ years of experience in security testing of web applications and native mobile apps
- Sound understanding of secure web application architecture and design principles
- Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
- Experience with a variety of tools and dashboards in automating security testing of desktop, browser and non-UI applications; web services; and data extraction and loading processes
- Experience in debugging with Chrome Developer Tools / Firebug, and hands-on experience with one or more UI automation tools / frameworks
- Knowledge of Atlassian toolset such as Jira, Confluence, Crucible, or similar
- Experience or familiarity with the tools, languages, databases, and environments currently used in our development and testing efforts: Selenium and Selenium Grid, Node.js, MySQL, Redis, Jenkins
- Familiarity with Agile scrum methodology and test management applications
- Experience in running unattended, regularly scheduled automated tests in environments
- Excellent communication, collaboration and relationship-building skills
- Commitment to QA methodologies and advocate for comprehensive security testing including unit, functional, and integration
- Organizational skills to gather and record detailed and accurate information about bugs and systemic issues
- Experience with Amazon AWS services and familiarity with Slack products is a plus
Slack is where work happens. It connects you with the people and apps you work with every day, no matter where you are or what you do. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.
Launched in February 2014, Slack is the fastest growing business application ever and is used by thousands of teams and millions of users every day. Slack's investors include many of the best-recognized firms in the world, including Accel Partners, Andreessen Horowitz, Social+Capital, KPCB, Google Ventures, Horizons Ventures, IVP, Spark Growth, DST, and Index Ventures. We currently have eight offices worldwide, in San Francisco, Vancouver, Dublin, Melbourne, New York, London, Tokyo, and Toronto.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack's values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come do the best work of your life here at Slack.