Apply

Product Security Engineer

Our Product Security team supports the following tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction, high impact security across everything we do. Members of the Product Security team care deeply about shipping secure products and protecting Slack’s users from bad actors.  We are passionate about enabling our developers to deliver new features securely.  If you join us, your work will directly impact the way millions of people, teams, and businesses get things done using Slack.

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and working to be a little better every single day. In our work environment, we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?

What you will be doing

  • Contributing security-focused feedback to engineers during all phases of the development lifecycle
  • Performing technical security assessments on our web applications, native clients, internal services, and partner applications
  • Seeking out opportunities to automate processes when appropriate
  • Providing our engineering staff with self-service tooling and training to enable them to design and write secure code
  • Identifying emerging classes of vulnerabilities and developing solutions for them before they’re a problem

What you should have

  • Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
  • Some experience in security review of web applications;  this is an early career position, so we don’t expect you to have a long history in this field
  • Strong understanding of web application architecture and design principles
  • Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
  • Experience with manual secure code review in languages such as: JavaScript, Java, Python, Ruby, PHP
  • Familiarity with common web application testing tools, such as Burp Suite or Zap, and ability to apply that knowledge to practical testing scenarios
  • Knowledge of common security flaws (such as OWASP Top 10) as well as how to identify and mitigate them
  • Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc) for security and quality
  • Though this is not primarily a development role, some background in software engineering in a collaborative and dynamic environment is a plus 

Slack has transformed business communication. It’s the leading channel-based messaging platform, used by millions to align their teams, unify their systems, and drive their businesses forward. Only Slack offers a secure, enterprise-grade environment that can scale with the largest companies in the world. It is a new layer of the business technology stack where people can work together more effectively, connect all their other software tools and services, and find the information they need to do their best work. Slack is where work happens.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack’s values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a pleasant and supportive place to work.

Come do the best work of your life here at Slack.