Senior Security Detection and Response Engineer
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low friction high-impact security across everything we do.
As a member of the Slack Security Detection and Response Team, you are the first line of defense for all the people and parts that together make up Slack. You get out of bed every morning thinking about new ways to make life miserable for bad actors. You get excited at the prospect of searching for your adversary, teasing out high-quality signal from the all the noise, and developing new ways to solve hard problems. Your work directly impacts the way millions of people, teams and businesses get things done.
Slack has a positive, diverse, and supportive culture—we look for people who are curious, inventive, and work to be a little better every single day. In our work together we aim to be smart, humble, hardworking and, above all, collaborative. If this sounds like a good fit for you, why not say hello?
- Develop, implement and automate strategies, creating and tuning tools and rules for detecting and remediating malicious activity
- Strategically define and implement additional detective capabilities or data sources to improve telemetry
- Detect, respond to, investigate and remediate security events, driving all aspects of an incident to closure
- Work in partnership with other teams at Slack to constantly improve our defensive posture
- Investigate alerts from detective telemetry and tune rules to increase fidelity
- Perform retrospective analysis using network, host, memory, and other artifacts from multiple operating systems and applications
- Participate in enterprise-wide operations to hunt for adaptable and previously unknown threats
- Experience tuning, improving and devising new ways to collect signal, reduce noise, and identify suspicious events in an operational production environment
- Experience with log or data analysis, extracting salient data points to determine an event’s impact and root cause
- Intermediate knowledge of Python and Yara, or similar, and application to security problem sets
- Broad exposure to many security disciplines and deeper understanding of models and principles behind core security concepts
- Experience operating in a production environment, with expertise in at least one of: server, network, cloud, database
- Experience with automating detective capabilities and orchestration tools
- Experience performing network- and host-based forensics
- Strong communication and collaboration skills
Back to top