Vulnerability Management Security Engineer - Security Operations
San Francisco, CA, USA
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systematic approach to security, and strive to ensure we provide low-friction, high-impact security across everything we do.
As a member of the Slack Security Operations team, you are the first line of defense for all the people and parts that together make up Slack. You get out of bed every morning thinking about new ways to make life miserable for bad actors. You get excited at the prospect of searching for your adversary, teasing out high-quality signal from all the noise, and developing new ways to solve hard problems. Your work directly impacts the way millions of people, teams and businesses get things done.
Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?
WHAT YOU WILL BE DOING
- Manage Vulnerability Management infrastructure in our production environment for commercial & government Slack environments.
- Leverage Nessus, Twistlock and other tools to perform vulnerability management scans on a regular cadence.
- Perform analysis of scan results and determine criticality ratings for vulnerabilities impacting all production environments.
- As vulnerabilities are surfaced through penetration tests, news, and other reporting, map findings to Slack’s environment to determine risk and outcomes.
- Collaborate with key stakeholders on remediation strategies, provide guidance, and follow through to closure.
- Report on and track all open vulnerabilities and key metrics around time to completion.
- Identify potential for and implement automation between Nessus, Twistlock, Slack, JIRA and other relevant tools.
WHAT YOU SHOULD HAVE
- 3-5 years in a vulnerability management engineering role or relevant background
- Experience operating in a production cloud environment, with expertise in at least one of: server, network, cloud, database; AWS admin and configuration management skills preferred.
- Experience tuning, improving and devising efficient scanning workflows across Nessus and Twistlock application stacks.
- Experience communicating and collaborating within an engineering organization to report on and correct vulnerabilities.
- Experience with log or data analysis, extracting salient data points to determine an event’s impact and root cause
- Broad exposure to many security disciplines and deeper understanding of models and principles behind core security concepts
Slack is an Equal Opportunity Employer and participant in the U.S. Federal E-Verify program. Women, minorities, individuals with disabilities and protected veterans are encouraged to apply. Slack will consider qualified applicants with criminal histories in a manner consistent with the San Francisco Fair Chance Ordinance.
Slack is registered as an employer in many, but not all, states. If you are not located in or able to work from a state where Slack is registered, you will not be eligible for employment. Visa sponsorship may not be available in certain remote locations.
Visa sponsorship is not available for candidates living outside the country of this position.