Staff Product Security Engineer

Responsibilities

• Support the application vulnerability management and mitigation approaches.
• Engage in threat modeling and design reviews of in-house developed software components.
• Conduct application security reviews through manual code review or static/dynamic code analysis.
• Educate technical teams on DoD security requirements/architecture and support RD fulfilling federal compliance requirements, e.g. FIPS.
• Provide security guidance and training to internal development teams.
• Promote the Mattermost brand and build awareness through blog posts and public speaking on security subjects.
• Validate ideas and share insights with Product Management/Marketing on product direction and industry trends for security audiences

Requirements

• Deep understanding of web application security and secure development practices.
• Deep understanding with common security libraries, security controls, and common security flaws.
• Experience building and shipping software fulfilling federal and DoD requirements.
• Experience with Threat Modeling applications
• Experience with static/dynamic analysis, and common exploit tools and methods.
• Experience in one or more programming languages, ideally Go or Javascript.
• Excellent written and verbal communication skills, including prior experience on public speaking engagements or published research.
• Demonstrable teamwork skills and resourcefulness.

Preferred Background / Skilset

• Experience working in open source communities
• Experience running a bug bounty program.
• Certifications in the domain of penetration testing or application security (e.g. OSCP, OSWE, GWAPT, …).
• Experience with Electron, React or React Native.
• Experience with Linux / AWS.
• Experience with Kubernetes / Docker.
• Participation in Bug Bounties, CTFs or similar activities