Senior Staff Software Engineer, SecOps - Slack

Our security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security and strive to provide a low friction, high-impact security model across everything we do.

Slack Security Engineering is hiring a curious Senior Staff level blue team software engineer to help to drive our threat detection program and to collaborate on our development efforts. An interest in development, operations, curiosity, and a deep desire to learn are key to a successful member of the team.

You will work directly on the Slack Security Engineering team with a focus on threat detection, logging, and remediation. We know that no system is perfect, but we aim to provide a record of all actions taken in our environment to address any unknowns.

We’d like you to have experience in some element of Data Science / ML work - the likely result here is that you start with some simple ML models for anomaly detection, and go from there. Our eventual goal is to use LLMs to advance our alerting capabilities and even train classification/clustering models specifically on our data to generate sophisticated alerts and build a feedback loop that learns on its own.

The ideal candidate is passionate about finding IOCs and suggesting new features and methods of detection to the broader team of software developers. If you can imagine it, we can write the detection with you. Do you have experience with APT tradecraft and threat intel? Please come knock on our door.

Many of the current members of this dozen-person team are multidisciplinary engineers; they do SecDevOps sorts of things, they write Go, they write Python, and they scale Elasticsearch to some very interesting and precarious new heights. We’re cautious AI adopters, but we are finding benefit from actively using modern AI tooling like Cursor to accelerate our efforts.

This posting is to grow our US-based, widely distributed SecOps contingent which works closely with our additional Melbourne & Auckland team. We’re eager to communicate and collaborate often (over Slack, of course!), and get to see each other’s faces in very regular Zoom coworking times. You’ll join the rest of the team in our on-call rotation, and we also strongly look for you to grow your engineering participation at Slack more broadly!

Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking, and above all, collaborative.

If this sounds like a good fit for you, why not say “hello?”

• Identify and develop new features and a roadmap to augment existing tools to protect Slack’s production infrastructure and to help make our business lives simpler, more pleasant, more productive, and more secure

• Detect threats and help Slack be more secure

• Help to develop eBPF tooling and author detections therein

• Creatively scale and operate the infrastructure and tools that handle millions of events per second

• Respond in our on-call rotation to fix services we run and investigate potential threats

• Curiosity and creativity. You want to know why something happened, not just that it happened. We have a lot of ideas, but are hopeful that your perspective will push us all forward together to deeper understanding.

• A desire to empower your coworkers. This is a role afforded the latitude to define workstreams, and entrusted to approach engineering problems as an art form. You want the solutions you collaborate on to be easy to maintain and you take pride in the quality of your work.

• Motivation to solve problems, not to patch over quick fixes. Being on-call shouldn’t be a burden to team members. If it ever is, fixing it is our highest priority.

• Eagerness to collaborate across the company. We seek to further our approachable and inclusive team ethos. As a software development team first, we are aligned and working with the rest of engineering.

• Broad exposure to various security disciplines and deep understanding of models and reasons behind core security concepts such as MFA, ZeroTrust, and securely managing secrets or tokens.

• AWS — We run almost everything here, so existing proficiency is a plus, but we can teach you if you’re more comfortable with another provider

• Elasticsearch / Kibana — you can readily access information and love metrics

• Google Chronicle/SecOps - Experience with this SIEM would help you to understand how to manage events