Come work with us

Apply

Manager, Product Security

San Francisco

Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.
 
The Slack Product Security Team, is one of the first lines of defense for all the people and parts that together make up Slack. As the leader for this team, you care about shipping a secure product and ensuring that the way in is never through the front door. You are passionate about enabling our developers to ship secure code. You think about your job as not fixing bugs, but finding ways to completely eliminate them. Your work directly impacts the way millions of people, teams, and businesses get things done.

Responsibilities

  • Managing the engineers who are responsible for black-box penetration testing, bug bounty, SDL, and feature reviews.
  • Helping set and fulfill the hiring plan for the team, including sourcing, screening, and interviewing
  • Develop, coach and grow security engineers
  • Represent the team in planning and product decisions
  • Align the team with security- and company-wide goals
  • Implement effective security strategy, processes and metrics, both as a team and working in partnership with other teams
  • Represent Slack security and management in industry events
  • Participate in our incident response and vulnerability remediation efforts
  • Help implement application security tools and develop new automation and tooling

Requirements

  • You have several years of serving in either a security management role or a senior security leadership role.
  • You possess exceptional written and verbal communication skills.
  • You are highly organized. With many people doing many things in a fast-moving company, strong organizational skills—both for yourself and for the team—will be required.
  • You are able to weigh several, often conflicting constraints and make rapid decisions in a dynamic and quickly-growing company.
  • You have experience identifying and protecting against web application and web service security vulnerabilities including those found in the OWASP Top 10.
  • You have familiarity with common web application testing tools (Burp Suite, etc)
  • You have development experience in one or more of these languages: Java, JavaScript / NodeJS, PHP, Python, and GO.
  • You possess strong knowledge of the browser security model, crypto, and network security.

Slack is where work happens. It connects you with the people and apps you work with every day, no matter where you are or what you do. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.

Launched in February 2014, Slack is the fastest growing business application ever and is used by thousands of teams and millions of users every day. Slack's investors include many of the best-recognized firms in the world, including Accel Partners, Andreessen Horowitz, Social+Capital, KPCB, Google Ventures, Horizons Ventures, IVP, Spark Growth, DST, and Index Ventures. We currently have five offices worldwide, in San Francisco, Vancouver, Dublin, Melbourne and New York.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack's values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come do the best work of your life here at Slack.