
Product Security Engineer
Mattermost is seeking a results-driven and analytical Product Security Engineer to help ensure the security of our product and services across the company. As part of our Security team, you will work closely with a globally distributed team to support all aspects of the software development life cycle. You will be responsible for implementing additional application security tooling and/or processes across the company, and you will coordinate with relevant stakeholders, gather requirements, and lead the implementation.
Responsibilities Include:
- Support the application vulnerability management and mitigation approaches
- Conduct application security reviews through manual code review or static/dynamic code analysis
- Engage in threat modeling and design reviews of in-house developed software components
- Provide security guidance and training to internal development teams
- Triage SCA findings and support internal development teams in SCA findings remediation
- Improve and/or automate existing processes to increase efficiency
Requirements:
- BS in Computer Science, Cybersecurity, Software Engineering, or a related technical field, or equivalent experience, with 3+ years of relevant experience in application security, secure software development, or penetration testing
- Understanding of web application security and secure development practices
- Understanding of common security libraries, security controls, and common security flaws
- Experience with static/dynamic analysis and common exploit methods
- Experience in one or more programming languages, ideally Go or JavaScript
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- For candidates residing in the U.S.: This role may require the ability to obtain and maintain a U.S. government security clearance in the future. As such, U.S. applicants must be U.S. citizens and eligible under applicable clearance requirements.
- Applicants must meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR.
Preferences:
- Experience working in open source communities
- Experience running a bug bounty program
- Experience with Threat Modeling applications
- Certifications in the domain of penetration testing or application security (e.g. OSCP, OSWE, GWAPT, …)
- Experience with Electron, React or React Native
- Participation in Bug Bounties, CTFs or similar activities
Mattermost takes a market-based approach to pay and pay may vary depending on your location. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
Salary Range
$129,000 - $175,000 USD