Staff Product Security Engineer (Remote)
Mattermost, United States

Mattermost is an open source platform for secure collaboration across the entire software development lifecycle. Hundreds of thousands of developers around the globe trust Mattermost to increase their productivity by bringing together team communication, task and project management, and workflow orchestration into a unified platform for agile software development.
Founded in 2016, Mattermost’s open source platform powers over 800,000 workspaces worldwide with the support of over 4,000 contributors from across the developer community. The company serves over 800 customers, including European Parliament, NASA, Nasdaq, Samsung, SAP, United States Air Force and Wealthfront, and is backed by world-class investors including Battery Ventures, Redpoint, S28 Capital, YC Continuity. To learn more, visit www.mattermost.com.
We value high impact work, ownership, self-awareness and being focused on customer success. If these values match who you are, we hope you'll learn more about working at Mattermost and apply!
Mattermost is seeking a result-driven and analytical Staff Product Security Engineer to help ensure the security of our product and services across the company. As part of our Security team you will work closely with a globally distributed team to support in all the different aspects of the software development life cycle. You will be responsible for the implementation of additional application security tooling and/or processes across the company and coordinate with relevant stakeholders, gather requirements, and lead the implementation.Responsibilities

• Support the application vulnerability management and mitigation approaches.
• Engage in threat modeling and design reviews of in-house developed software components.
• Conduct application security reviews through manual code review or static/dynamic code analysis.
• Educate technical teams on DoD security requirements/architecture and support Ramp;D fulfilling federal compliance requirements, e.g. FIPS.
• Provide security guidance and training to internal development teams.
• Promote the Mattermost brand and build awareness through blog posts and public speaking on security subjects.
• Validate ideas and share insights with Product Management/Marketing on product direction and industry trends for security audiences

Requirements

• Deep understanding of web application security and secure development practices.
• Deep understanding with common security libraries, security controls, and common security flaws.
• Experience building and shipping software fulfilling federal and DoD requirements.
• Experience with Threat Modeling applicationsExperience with static/dynamic analysis, and common exploit tools and methods.
• Experience in one or more programming languages, ideally Go or Javascript.
• Excellent written and verbal communication skills, including prior experience on public speaking engagements or published research.
• Demonstrable teamwork skills and resourcefulness.

Preferred Background / Skilset

• Experience working in open source communitiesExperience running a bug bounty program.
• Certifications in the domain of penetration testing or application security (e.g. OSCP, OSWE, GWAPT, ).
• Experience with Electron, React or React Native.
• Experience with Linux / AWS.
• Experience with Kubernetes / Docker.
• Participation in Bug Bounties, CTFs or similar activities

Mattermost is an EEO Employer. We are a remote-first company with staff living and working across the globe.We are currently hiring staff in these countries/regions:
Canada - Germany - Greece - India - Spain - United Kingdom - United States
We are constantly working towards adding more countries/regions to this list, but first we need to make sure we are compliant with local laws and regulations, which takes time.
Mattermost is made up of people from a wide variety of backgrounds and lifestyles. We embrace diversity and invite applications from people from all walks of life. We don't discriminate against staff or applicants based on gender identity or expression, sexual orientation, race, religion, age, national origin, citizenship, disability, pregnancy status, veteran status, or any other differences. Also, if you have a disability, please let us know if there's any way we can make the interview process better for you; we're happy to accommodate!