Description
About the Team
Our security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security and strive to provide a low friction, high-impact security model across everything we do.
We’re looking for a blue teamer to help contribute to our Security Engineering team. Significant software engineering experience is absolutely not a requirement, but an interest in development, operations, curiosity, and a deep desire to learn is paramount.
About the Role
This role is to work directly on the Slack Security Operations team with a focus on threat detection, logging, and remediation. We know that no system is perfect, but we aim to provide a record of all actions taken in our environment to address any unknowns.
The ideal candidate is passionate about finding IOCs and suggesting new features and methods of detection to the broader team of software developers. If you can come up with it, we can write the detection with you. Do you have experience with APT tradecraft and threat intel? Please come knock on our door.
Many of the current members of this dozen-person team are multidisciplinary engineers; they do SecDevOps sorts of things, they write Go, they write Python, and they scale Elasticsearch to some very interesting and precarious new heights.
What you will be doing
- Detect threats and help Slack be more secure
- Creatively scale and operate the infrastructure and tools that handle millions of events per second
- Work on and help to define our eBPF based detection framework
- Respond in our on-call rotation during your working hours to fix services we run and investigate potential threats
- Identify and develop new features and a roadmap to augment existing tools to protect Slack’s production infrastructure and to help make our business lives simpler, more pleasant, more productive, and more secure
What you should have
- Curiosity and creativity. You want to know why something happened, not just that it happened. We have a lot of ideas, but are hopeful that your perspective will push us all forward together to deeper understanding.
- A desire to empower your coworkers. This is a role afforded the latitude to define workstreams, and entrusted to approach engineering problems as an art form. You want the solutions you collaborate on to be easy to maintain and you take pride in the quality of your work.
- Motivation to solve problems, not to patch over quick fixes. Being on-call shouldn’t be a burden to team members. If it ever is, fixing it is our highest priority.
- Eagerness to collaborate across the company. We seek to further our approachable and inclusive team ethos. As a software development team first, we are aligned and working with the rest of engineering.
- Broad exposure to various security disciplines and deep understanding of models and reasons behind core security concepts such as MFA, ZeroTrust, and securely managing secrets or tokens.
Bonus Points
- AWS — We run almost everything here, so existing proficiency is a plus, but we can teach you if you’re more comfortable with another provider
- Elasticsearch / Kibana — you can readily access information and love metrics
- Kafka — For some reason, you find this technology compelling
- Google Chronicle — You’re interested in working on both self-hosted tooling and hosted options.
#LI-Y