Senior Security Engineer - Vulnerability Management and Red Team
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to provide low friction, high-impact security across everything we do.
As part of the Security Vulnerability Management team, you will build and operate the critical infrastructure and processes used to monitor and evaluate Slack’s servers and workstations. You will use automation and repeatable processes to cut through the noise and enable everyone to focus their time on the important things. You care passionately about making our security infrastructure reliable, fast effective, and as frictionless as possible. Your work touches everyone at Slack and directly impacts the way millions of people, teams, and businesses get things done.
- Discover, triage and remediate vulnerabilities in the critical IT and production infrastructure used to protect the company’s most sensitive data.
- Build, maintain and manage vulnerability scanning and compliance infrastructure.
- Automate tooling and process to eliminate as much manual work as possible, implementing the latest IT security technology.
- Collaborate with the company’s operations team, and develop IT security standards and advise on best practices.
- Help improve signal detection and alerting capabilities, and recommend security enhancements to management and senior IT staff.
- Create and develop software engineering solutions to improve the company’s information security stack and production security issues.
- Develop proofs of concept to properly classify vulnerabilities on the company’s systems.
- Participate in the on-call rotation supporting the information security team’s infrastructure with approximately 1 response required per month.
- You have a Bachelor’s Degree, or equivalent experience, in Computer Science, Software Engineering, Computer Engineering, Electrical Engineering, or closely-related field
- You are familiar with installation, configuration, use and maintenance of vulnerability assessment tools such as Nessus, OpenVAS, or Nexpose
- You are familiar with exploit development & frameworks such as Metasploit
- You have three or more years of security work experience or have a background in development or operations with a strong interest in security
- You are proficient in at least one programming language, such as Python, Go, Node, PHP, Ruby, *sh, etc. and write readable, maintainable code.
- You have a solid background using Linux and *nix operating systems
- You have experience with administration of cloud services, such as AWS and / or Google Cloud
- You understand vulnerability discovery and exploit development and have used tools such as afl & gdb
- You have a solid understanding of web application architecture
- You have used configuration management tools (Ansible, Chef, Puppet, etc)
- You have experience working with git for source code management
- You have strong written and verbal communication skills
- You have written on technical topics for a technical and non-technical audience
Slack is where work happens. It connects you with the people and apps you work with every day, no matter where you are or what you do. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.
Launched in February 2014, Slack is the fastest growing business application ever and is used by thousands of teams and millions of users every day. We currently have eight offices worldwide, in San Francisco, Vancouver, Dublin, Melbourne, New York, London, Tokyo, and Toronto.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack's values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come do the best work of your life here at Slack.