Mattermost is hiring a
Product Security Engineer

Summary

Mattermost is seeking a result-driven and analytical Product Security Engineer to help ensure the security of their collaboration platform. The role involves supporting application vulnerability management, conducting application security reviews, engaging in threat modeling, providing security training to internal teams, triaging SCA findings, improving processes, and more.

Requirements

• Deep understanding of web application security and secure development practices
• Deep understanding with common security libraries, security controls, and common security flaws
• Experience with Threat Modeling applications
• Experience with static/dynamic analysis, and common exploit tools and methods
• Experience in one or more programming languages, ideally Go or JavaScript
• Excellent written and verbal communication skills
• Demonstrable teamwork skills and resourcefulness

Responsibilities

• Support the application vulnerability management and mitigation approaches
• Conduct application security reviews through manual code review or static/dynamic code analysis
• Engage in threat modeling and design reviews of in-house developed software components
• Provide security guidance and training to internal development teams
• Triage SCA findings and support internal development teams in SCA findings remediation
• Improve and/or automate existing processes to increase efficiency

Preferred Qualifications

• Experience working in open-source communities
• Experience running a bug bounty program
• Certifications in the domain of penetration testing or application security (e.g. OSCP, OSWE, GWAPT, …)
• Experience with Electron, React or React Native
• Participation in Bug Bounties, CTFs or similar activities

Benefits

• $140,000 - $165,000 a year
• Mattermost is an EEO Employer
• Mattermost is a remote-first, open source company