Senior Product Security Engineer

Mattermost is seeking a result-driven and analytical Senior Product Security Engineer to help ensure the security of our product and services across the company. As part of our Security team you will work closely with a globally distributed team to support in all the different aspects of the software development life cycle. You will be responsible for the implementation of additional application security tooling and/or processes across the company and coordinate with relevant stakeholders, gather requirements, and lead the implementation.  

Responsibilities Include:

• Support the application vulnerability management and mitigation approaches 
• Conduct application security reviews through manual code review or static/dynamic code analysis 
• Engage in threat modeling and design reviews of in-house developed software components 
• Provide security guidance and training to internal development teams 
• Triage SCA findings and support internal development teams in SCA findings remediation 
• Improve and/or automate existing processes to increase efficiency. 

 Requirements:

• BS in Computer Science, Cybersecurity, Software Engineering, or a related technical field, or equivalent experience, with 5+ years of relevant experience
  in application security, secure software development, or penetration testing.
• Deep understanding of web application security and secure development practices  
• Deep understanding with common security libraries, security controls, and common security flaws  
• Experience with Threat Modeling applications 
• Experience with static/dynamic analysis, and common exploit methods 
• Experience in one or more programming languages, ideally Go or Javascript 
• Excellent written and verbal communication skills 
• Demonstrable teamwork skills and resourcefulness 
• For candidates residing in the U.S.: This role may require the ability to obtain and maintain a U.S. government security clearance in the future. As such, U.S. applicants must be U.S. citizens and eligible under applicable clearance requirements.  
• Applicants must meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR. 

 Preferences:

• Experience working in open source communities 
• Experience running a bug bounty program
• Certifications in the domain of penetration testing or application security (e.g. OSCP, OSWE, GWAPT, …) 
  
• Experience with Electron, React or React Native 
  
• Participation in Bug Bounties, CTFs or similar activities 

Mattermost takes a market-based approach to pay and pay may vary depending on your location. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.