The Product Security Engineer will ensure the security of products, manage vulnerabilities, conduct reviews, provide training, and automate processes.
At Mattermost, we build the #1 collaborative workflow solution for defense, intelligence, security, and critical infrastructure organizations. Trusted by governments, financial institutions, and technology companies, our platform enables secure, efficient operations for the world’s most critical teams.
We’re dedicated to empowering organizations to operate with confidence, reducing risks, and accelerating productivity. Guided by our core values of Customer Obsession, Earn Trust, Self Awareness, Ownership and High Impact, we collaborate closely with our customers to deliver solutions that meet complex needs and drive success.
To learn more, visit www.mattermost.com
Mattermost is seeking a results-driven and analytical Product Security Engineer to help ensure the security of our product and services across the company. As part of our Security team, you will work closely with a globally distributed team to support all aspects of the software development life cycle. You will be responsible for the implementation of additional application security tooling and/or processes across the company, coordinating with relevant stakeholders, gathering requirements, and leading the implementation.
Responsibilities Include:
- Support the application vulnerability management and mitigation approaches
- Conduct application security reviews through manual code review or static/dynamic code analysis
- Engage in threat modelling and design reviews of in-house developed software components
- Provide security guidance and training to internal development teams
- Triage SCA findings and support internal development teams in SCA findings remediation
- Improve and/or automate existing processes to increase efficiency
Requirements:
- Bachelor’s degree in Computer Science, Cybersecurity, Software Engineering, or a related technical field, or equivalent experience, with 3+ years of relevant experience in application security, secure software development, or penetration testing
- Understanding of web application security and secure development practices
- Familiarity with common security libraries, security controls, and common security flaws
- Experience with static/dynamic analysis, and common exploit methods
- Experience in one or more programming languages, ideally Go or JavaScript
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- For candidates applying in Canada: You must have the permanent right to live and work in Canada at the time of application. Please note that we are unable to provide visa sponsorship for this role.
Preferences:
- Experience working in open-source communities
- Experience running a bug bounty programme
- Experience with Threat Modelling applications
- Certifications in the domain of penetration testing or application security (e.g., OSCP, OSWE, GWAPT, etc.)
- Experience with Electron, React, or React Native
- Participation in Bug Bounties, CTFs, or similar activities
Mattermost takes a market-based approach to pay and pay may vary depending on your location. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
Mattermost is an EEO Employer, we are a remote-first, open-source company.
We are continually working to expand our hiring in more countries and regions, ensuring compliance with local laws and regulations, which takes time.
Mattermost values your unique perspective—we welcome all applicants. We encourage individuals from all backgrounds to apply and are committed to assessing candidates based on their skills and qualifications. We do not tolerate discrimination against staff or applicants based on race, religion, national origin, age, disability, pregnancy status, veteran status, or other personal characteristics.
If you require accommodations during the interview process, please let us know—we’re happy to assist.
Top Skills
Go
JavaScript
Similar Jobs
Cloud
As a Staff Product Security Engineer, you'll enhance application security, manage DevSecOps tools, automate security checks, and ensure timely remediation of vulnerabilities.
Top Skills:
AWSCi/CdDastDevsecopsIacPythonSast
Automotive • Big Data • Information Technology • Robotics • Software • Transportation • Manufacturing
The Retail Simplification Manager will identify process inefficiencies, engage stakeholders, and implement strategies for simplification, improving overall efficiency.
Top Skills:
ExcelPowerPoint
Automotive • Big Data • Information Technology • Robotics • Software • Transportation • Manufacturing
The District Service Manager oversees dealership liaising, business plan execution, and compliance with service policies to enhance customer experiences. Responsibilities include training, audits, and collaboration with dealership staff.
What you need to know about the Vancouver Tech Scene
Raincouver, Vancity, The Big Smoke — Vancouver is known by many names, and in recent years, it has gained a reputation as a growing hub for both tech and sustainability. Renowned for its natural beauty, the city has become a magnet for professionals eager to create environmental solutions, and with an emphasis on clean technology, renewable energy and environmental innovation, it's attracted companies across various industries, all working toward a shared goal: advancing clean technology.
