At Mattermost, we build the #1 collaborative workflow solution for defense, intelligence, security, and critical infrastructure organizations. Trusted by governments, financial institutions, and technology companies, our platform enables secure, efficient operations for the world’s most critical teams.
We’re dedicated to empowering organizations to operate with confidence, reducing risks, and accelerating productivity. Guided by our core values of Customer Obsession, Earn Trust, Self Awareness, Ownership and High Impact, we collaborate closely with our customers to deliver solutions that meet complex needs and drive success.
To learn more, visit www.mattermost.com
Mattermost is seeking a results-driven and analytical Product Security Engineer to help ensure the security of our product and services across the company. As part of our Security team, you will work closely with a globally distributed team to support all aspects of the software development life cycle. You will be responsible for the implementation of additional application security tooling and/or processes across the company, coordinating with relevant stakeholders, gathering requirements, and leading the implementation.

REQUIREMENTS:

• BS in Computer Science, Cybersecurity, Software Engineering, or a related technical field, or equivalent experience, with 3+ years of relevant experience in application security, secure software development, or penetration testing
• Understanding of web application security and secure development practices
• Familiarity with common security libraries, security controls, and common security flaws
• Experience with static/dynamic analysis, and common exploit methods
• Experience in one or more programming languages, ideally Go or JavaScript
• Excellent written and verbal communication skills
• Demonstrable teamwork skills and resourcefulness

• Support the application vulnerability management and mitigation approaches
• Conduct application security reviews through manual code review or static/dynamic code analysis
• Engage in threat modelling and design reviews of in-house developed software components
• Provide security guidance and training to internal development teams
• Triage SCA findings and support internal development teams in SCA findings remediation
• Improve and/or automate existing processes to increase efficiency