POSTED Jan 24

Product Security Software Engineer II

Job Category

Products and Technology

Job Details

Slack enables people around the world to communicate and collaborate together, from the world’s largest public companies to the smallest of startups. We take performance and reliability very seriously. A taste of our scale:

During the week, our users spend over a billion minutes a day active in our product.
At peak usage, a million messages a minute passed through Slack.
Every day we see over 15 million simultaneously connected users
For millions of people, Slack is their primary communication tool for work and more and they expect it to be exceptionally reliable and fast year-round.

About Us

Our Product Security team supports the following tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly our customers’ data. We take a systemic approach to security and strive to ensure we provide low friction, high impact security across everything we do. As a member of the Product Security team, you care about shipping secure products and protecting Slack’s users from bad actors. You are passionate about enabling our developers to deliver new features securely. You think about your job as not just identifying individual vulnerabilities but also finding effective ways to eliminate whole classes of them. Your work will directly impact the way millions of people, teams, and businesses get things done using Slack.

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and working to be a little better every single day. In our work environment, we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, read on ahead!

What you will be doing

Contributing security-focused feedback to engineers during all phases of the development lifecycle
Performing technical security assessments on our web applications, native clients, internal services, and partner applications
Seeking out opportunities to automate processes when appropriate
Scaling the impact of our team through direct mentorship of our more junior team members
Communicating risks to engineering staff through training and technical demonstration of vulnerabilities and secure design patterns
Maintaining and creating secure development practices and programs for our engineering teams and external developers
Acting as an ambassador for security within Slack
Serving as a public representative for security at Slack by engaging periodically in internal and external speaking engagements
Identifying emerging classes of vulnerabilities and developing solutions for them before they’re a problem
Efficiently scoping blackbox, whitebox, and graybox assessments to optimize security review time and resources

What you should have

3+ years experience in security testing of web applications and native apps
Bachelor’s degree in Computer Science, Engineering or related field, or equivalent training, fellowship, or work experience
Deep understanding of web application architecture and design principles
Strong written and verbal communication skills and ability to communicate with empathy when delivering constructive feedback regarding security matters to engineers and product designers
Experience with manual secure code review in languages such as: JavaScript, Java, Python, Ruby, PHP
Familiarity with common web application testing tools for DAST, SAST, and IAST analysis such as Burp Suite, Checkmarx, Veracode
Knowledge of authentication mechanisms like SAML, OAuth, etc.
Knowledge of common security flaws and resolution as published by OWASP, SANS, etc.
Knowledge of how to test code and applications across various platforms (iOS, Mac, Linux, Windows, Android, etc) for security and quality
Ability to see patterns, commonalities and investigate complex issues
Organizational skills to bring together and record detailed and accurate information about bugs and systemic issues
Experience with Amazon AWS services and familiarity with Slack products is a plus
Current or former security training or certifications such as SANS GWAPT or similar is a plus
Public speaking engagements or published research is also a plus; a successful engineer in this role will be expected to represent Slack externally from time to time
Though this is not primarily a development role, some background in software engineering in a collaborative and dynamic environment is a plus

Come join us!

Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment.

Visa sponsorship is not available for candidates living outside the country of this position.

More details about our company benefits can be found at the following link: https://www.getsalesforcebenefits.com/

Accommodations

If you require assistance due to a disability applying for open positions please submit a request via this Accommodations Request Form

Posting Statement

At Salesforce we believe that the business of business is to improve the state of our world. Each of us has a responsibility to drive Equality in our communities and workplaces. We are committed to creating a workforce that reflects society through inclusive programs and initiatives such as equal pay, employee resource groups, inclusive benefits, and more. Learn more about Equality at Salesforce and explore our benefits.

Salesforce, Inc. and Salesforce.org are Equal Employment Opportunity and Affirmative Action Employers. Qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender perception or identity, national origin, age, marital status, protected veteran status, or disability status. Salesforce, Inc. and Salesforce.org do not accept unsolicited headhunter and agency resumes. Salesforce, Inc. and Salesforce.org will not pay any third-party agency or company that does not have a signed agreement with Salesforce, Inc. or Salesforce.org.

Salesforce welcomes all.

For Colorado-based roles, the base salary hiring range for this position is $133,400 to $183,400.

Compensation offered will be determined by factors such as location, level, job-related knowledge, skills, and experience.

Certain roles may be eligible for incentive compensation, equity, and benefits. More details about our company benefits can be found at the following link: https://www.salesforcebenefits.com.

Does this position require a security clearance?:

Yes

View all jobs posted by this company

Apply Now!

Resume

You don't have a resume loaded to the system, so this application won't include any resume attachment. If you don't have a resume to upload, you can use the cover letter area below and include a link to your resume if you prefer.

Resume

Cover letter

My passion for cybersecurity stems from a lifelong fascination with technology and problem-solving. In my early education I was interested in attending conferences and seminars of Information Technology, I was always drawn to understanding how things worked and how to build them. This natural curiosity naturally gravitated towards the ever-evolving world of cybersecurity.
My experience as a Cybersecurity Engineer in the past of 2 years with various certifications, by attending workshops and current at Secure Point 360, LLC further solidified my desire for a STEM career. Here, I thrived in the fast-paced environment, identifying and mitigating security risks for clients. Managing and monitoring SP360 as the unified endpoint management and admin instilled the importance of continuous vigilance in safeguarding data across various platforms (cloud, endpoints, servers, SAST). These experiences not only honed my technical skills but also showcased the critical role cybersecurity plays in protecting our digital world.
I am confident that I can make a significant contribution to your team. I have attached my resume for your review and would be grateful for the opportunity to discuss my qualifications further. Thank you for your time and consideration.
URL: https://www.linkedin.com/in/kenvishah/

Cover letter

MANON GUEGUEN
Paris, France – +33627310646 – manongueguen@protonmail.com
I am an accomplished analyst combining an expertise in geopolitics and cybersecurity. This background gives me a unique perspective on the current threat landscape. When it comes to my career, I am willing to relocate as my first wish is to evolve in an international environment. Personality-wise, I am a very active person, stimulated by ever-changing situations and new encounters.
EXPERIENCE
ALMOND Sèvres, France
Cybersecurity consulting
Cyber Threat Intelligence Analyst
JANUARY 2023 – TODAY
● Develop a new CTI service from scratch (decision making regarding the roadmap, initiate new projects, design
technical, tactical, and strategic intelligence reports, developing working methodologies, leading meetings, create
synergies with the SOC/CERT team and other business units, participate in the commercial strategy)
● Writing of intelligence reports: retail and financial sectors, data breach, threat landscape analysis, APT, ransomware etc
(strong understanding of the evolution of techniques, tactics and procedures (TTPs), cyber kill chain reconstruction,
edit and review content to match high quality standards)
● Writing of briefings on cyber events to different types of publics: technical, non-technical, journalists, senior
executives and CEOs (be quick to verify real-time news, articulate complex information with clarity and brevity)
● Writing of analysis on complex geopolitical issues (critical thinking, elaborate visuals and infographics)
● Writing of a study on the insider threat (critical thinking, collect and analyze data)
● Technology policy (AI, cyber laws) and threat actors’ monitoring (curiosity, strong organizational skills)
● Training on the basics of cybersecurity: key concepts, cryptography, OWASP, OSI, TCP/IP, network layers… (high
learning ability)
● Investigating SIEM alerts (OSINT, process the alerts raised in the SOAR, qualify incidents, ensure the follow-up)
● Give presentations to clients and collaborators (strong interpersonal and networking skills, e.g. highlighting key
conferences from Botconf 2023)
INSEAD Fontainebleau, France
Education
Exam invigilator NOVEMBER 2022 – DECEMBER 2022
XMCO Paris, France
Cybersecurity consulting
Threat Intelligence Analyst JUNE 2022 – OCTOBER 2022
● Daily writing of cybersecurity newsletters and alerts (threat criticality assessment, cyber kill chain reconstruction,
monitoring open and closed intelligence sources, good contextual analysis skills)
● Follow-up with clients (ability to popularize complex ideas and concepts)
● Research, identification and qualification of fraud schemes (good investigative skills)
● Elaboration of an economic intelligence service
● Technology development and threat actors’ monitoring (identify relevant content and conferences)
● Acquisition of technical skills (bash, network architecture…)
BOULANGERIE BLOT Melun, France
Bakery shop
Saleswoman SEPTEMBER 2021 – MAY 2022
ADVINTEL New York City, United-States (Remote)
Cybersecurity consulting
Threat Intelligence Analyst Intern APRIL 2021 – AUGUST 2021
● Mastery of the intelligence lifecycle (OSINT, HUMINT, SIGINT) and threat prevention through investigations (strong
research capabilities to gather information from various sources)
● Intelligence research and analysis, cybercrime research and investigation, finished intelligence products for 450+
customers, data analysis (knowledge of different types of malware, botnet groups, ransomware syndicates, TTPs, cyber
fraud and loss prevention, well-developed investigative mindset, good understanding of underground forums)
EDUCATION
GRENOBLE-ALPES UNIVERSITY Grenoble, France
MASTER’S DEGREE IN INTERNATIONAL SECURITY AND DEFENSE 2020 – 2021
● Cybersecurity: application of international law to cyberspace, states’ cyber capabilities, analysis of the notion of
cyberwar, global growth of the cybersecurity market
● Geopolitics: thesis on the diplomatic and strategic stakes of China’s involvement in cyberspace
ÉCOLE D’URBANISME DE PARIS Champs-sur-Marne, France
MASTER’S DEGREE IN URBAN PLANNING 2019 – 2020
PARIS 1 PANTHÉON-SORBONNE UNIVERSITY Paris, France
BACHELOR’S AND MASTER’S DEGREE IN GEOGRAPHY 2013 – 2017
SKILLS AND INTERESTS
● Technical: Python (beginner), MITRE ATT&CK, Maltego, Office 365, Agile, Scrum, ArcGIS, QGIS
● Languages: French (native), English (TOEIC 2019: 915/990), Mandarin (B1), Spanish (B1), Russian (beginner)
● Interests: defense, politics, academic research (press, conferences, life-long learning)
● Volunteering: Cyber Peace Institute (conduct phishing exercices and cybersecurity awareness trainings

View all jobs