Clerk is hiring a
Product Security Engineer

Clerk

💵 ~$145k-$200k
📍 Remote - United States

Summary

The job is for a Security Engineer at Clerk who will build secure-by-default mechanisms throughout the product lifecycle, conduct regular architecture reviews and code audits, contribute to the vulnerability management program, provide guidance on security best practices, collaborate with the Infrastructure team, document secure development policies, and more. The role requires proven experience in a software security role with 5+ years of hands-on experience, expertise in proactive secure coding practices, experience with application security tooling, experience with authentication and authorization protocols, familiarity with Supply-chain Levels for Software Artifacts (SLSA), and familiarity with cloud infrastructure platforms.

Requirements

  • Proven experience in a software security, application security, or product security role with 5+ years (use this as a gauge, not a hard requirement) of hands-on experience
  • Strong empathy with the ability to enable engineers to move quickly and securely, ideally having previously worked as a software engineer
  • Expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes (e.g. in the OWASP Top 10)
  • Experience with reading and writing code in Go, TypeScript, or similar languages with the ability to dive into codebases, debug, and suggest fixes
  • Experience with application security tooling (SAST/SCA/DAST/etc.) and building custom queries using Semgrep/CodeQL/etc.
  • Experience with authentication and authorization protocols such as OAuth, OpenID Connect, and SAML
  • Familiarity with Supply-chain Levels for Software Artifacts (SLSA)
  • Familiarity with cloud infrastructure platforms, preferably GCP

Responsibilities

  • Build secure-by-default, defense-in-depth, and least privilege mechanisms throughout our product lifecycle
  • Work closely with engineering teams on security best practices from design and architecture to implementation and monitoring
  • Create paved roads for engineers to develop securely by default and build guardrails for when we veer off course
  • Conduct regular architecture reviews and code audits to detect potential threats, risks, and vulnerabilities
  • Harden our CI/CD pipelines and improve the integrity of Clerk’s software artifacts
  • Contribute to and improve Clerk’s vulnerability management program including vulnerability disclosure, security scans, and penetration tests
  • Provide guidance and training to teammates on security best practices and building resiliency into our systems
  • Collaborate with our Infrastructure team to establish secure infrastructure-as-code modules and minimal base container images

Benefits

  • Competitive Salary
  • Equity Ownership
  • Health Coverage
  • Work Gear
  • Flexible Vacation Policy
  • Diverse and Inclusive Team
