As a Senior Product Security Engineer, you will ensure product security, manage vulnerabilities, conduct security reviews, and provide guidance to development teams.
At Mattermost, we build the #1 collaborative workflow solution for defense, intelligence, security, and critical infrastructure organizations. Trusted by governments, financial institutions, and technology companies, our platform enables secure, efficient operations for the world’s most critical teams.
We’re dedicated to empowering organizations to operate with confidence, reducing risks, and accelerating productivity. Guided by our core values of Customer Obsession, Earn Trust, Self Awareness, Ownership and High Impact, we collaborate closely with our customers to deliver solutions that meet complex needs and drive success.
To learn more, visit www.mattermost.com
Mattermost is seeking a result-driven and analytical Senior Product Security Engineer to help ensure the security of our product and services across the company. As part of our Security team you will work closely with a globally distributed team to support in all the different aspects of the software development life cycle. You will be responsible for the implementation of additional application security tooling and/or processes across the company and coordinate with relevant stakeholders, gather requirements, and lead the implementation.
Responsibilities Include:
- Support the application vulnerability management and mitigation approaches
- Conduct application security reviews through manual code review or static/dynamic code analysis
- Engage in threat modeling and design reviews of in-house developed software components
- Provide security guidance and training to internal development teams
- Triage SCA findings and support internal development teams in SCA findings remediation
- Improve and/or automate existing processes to increase efficiency.
Requirements:
- BS in Computer Science, Cybersecurity, Software Engineering, or a related technical field, or equivalent experience, with 5+ years of relevant experience
in application security, secure software development, or penetration testing. - Deep understanding of web application security and secure development practices
- Deep understanding with common security libraries, security controls, and common security flaws
- Experience with Threat Modeling applications
- Experience with static/dynamic analysis, and common exploit methods
- Experience in one or more programming languages, ideally Go or Javascript
- Excellent written and verbal communication skills
- Demonstrable teamwork skills and resourcefulness
- For candidates residing in the U.S.: This role may require the ability to obtain and maintain a U.S. government security clearance in the future. As such, U.S. applicants must be U.S. citizens and eligible under applicable clearance requirements.
- Applicants must meet eligibility requirements for access to export-controlled information as defined by U.S. export control laws, including EAR and ITAR.
Preferences:
- Experience working in open source communities
- Experience running a bug bounty program
- Certifications in the domain of penetration testing or application security (e.g. OSCP, OSWE, GWAPT, …)
- Experience with Electron, React or React Native
- Participation in Bug Bounties, CTFs or similar activities
Mattermost takes a market-based approach to pay and pay may vary depending on your location. The successful candidate’s starting pay will be determined based on job-related skills, experience, qualifications, work location, and market conditions. These ranges may be modified in the future.
Salary Range
$135,000—$220,000 USD
Mattermost is an EEO Employer, we are a remote-first, open-source company.
We are continually working to expand our hiring in more countries and regions, ensuring compliance with local laws and regulations, which takes time.
Mattermost values your unique perspective—we welcome all applicants. We encourage individuals from all backgrounds to apply and are committed to assessing candidates based on their skills and qualifications. We do not tolerate discrimination against staff or applicants based on race, religion, national origin, age, disability, pregnancy status, veteran status, or other personal characteristics.
If you require accommodations during the interview process, please let us know—we’re happy to assist.
Top Skills
Application Security Tooling
Dynamic Analysis
Go
JavaScript
Security Libraries
Static Analysis
Similar Jobs
Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
As a Security Engineer, you will design and implement security controls, assess risks, and manage security initiatives across software supply chains to protect CrowdStrike's products and customers.
Top Skills:
Argo CdArtifactoryBitbucketDatadogGitGoJavaScriptJenkinsLinuxLogscalePrometheusPythonRest ApisS3ShellSplunkTlsUnix
Cloud • Information Technology • Productivity • Security • Software • App development • Automation
The Senior Product Security Engineer will enhance security in Atlassian's products, mentor teams, and promote security best practices across the software development lifecycle.
Top Skills:
Ai CapabilitiesApplication SecurityCloud Security ArchitectureGoJavaPythonScripting Languages
Artificial Intelligence • Cloud • HR Tech • Information Technology • Productivity • Software • Automation
Lead strategic initiatives in secure product development, perform security audits, and provide guidance for secure configurations to reduce risk.
Top Skills:
JavaJavaScriptPython
What you need to know about the Boston Tech Scene
Boston is a powerhouse for technology innovation thanks to world-class research universities like MIT and Harvard and a robust pipeline of venture capital investment. Host to the first telephone call and one of the first general-purpose computers ever put into use, Boston is now a hub for biotechnology, robotics and artificial intelligence — though it’s also home to several B2B software giants. So it’s no surprise that the city consistently ranks among the greatest startup ecosystems in the world.
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories
