Staff Security Engineer, Enterprise Security Operations
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.
As a member of the Slack Enterprise Security Operations team, you are the first line of defense for all the people and parts that together make up Slack. You get out of bed every morning thinking about new ways to make life miserable for bad actors. You get excited at the prospect of searching for your adversary, teasing out high-quality signal from the all the noise, and developing new ways to solve hard problems. Your work directly impacts the way millions of people, teams and businesses get things done.
Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?
WHAT YOU WILL BE DOING
- Detect, respond to, investigate and remediate security events in an enterprise environment
- Develop, implement, and automate strategies, to tune and manage tools and rules for detecting and remediating malicious activity
- Strategically define and implement additional detective capabilities or data sources to improve telemetry
- Work in partnership with other teams at Slack to constantly improve our defensive posture
- Create and investigate alerts from detective telemetry and tune rules to increase fidelity, leveraging frameworks such as the ATT&CK matrix
- Perform retrospective analysis using network, host, memory, and other artifacts from multiple operating systems and applications
- Participate in enterprise-wide operations to hunt for adaptable and previously unknown threats
WHAT YOU SHOULD HAVE
- 5-7 years in an enterprise security or threat analyst role
- Experience operating in a production cloud environment, with expertise in at least one of: server, network, cloud, database
- Experience with configuration management and some AWS administration
- Experience tuning, improving and devising new ways to collect signal, reduce noise, and identify suspicious events in corporate and SAAS environments
- Experience with log or data analysis, extracting salient data points to determine an event’s impact and root cause
- Intermediate knowledge of Python and Yara, or similar, and application to security problem sets
- Broad exposure to many security disciplines and deeper understanding of models and principles behind core security concepts
- Strong communication and collaboration skills
Slack is a layer of the business technology stack that brings together people, data, and applications – a single place where people can effectively work together, find important information, and access hundreds of thousands of critical applications and services to do their best work. From global Fortune 100 companies to corner markets, businesses and teams of all kinds use Slack to bring the right people together with all the right information. Slack is headquartered in San Francisco, CA and has ten offices around the world. For more information on how Slack makes teams better connected, visit slack.com.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a pleasant and supportive place to work.
Come do the best work of your life here at Slack.