Senior Security Detection and Response Engineer
Our Security team supports the unwritten fourth tenet of Slack’s mission: make people’s working lives more secure. We’re serious about protecting our infrastructure, operations, and most importantly, our customers’ data. We take a systemic approach to security, and strive to ensure we provide low-friction, high-impact security across everything we do.
As a member of the Slack Security Detection and Response Team, you are the first line of defense for all the people and parts that together make up Slack. You get out of bed every morning thinking about new ways to make life miserable for bad actors. You get excited at the prospect of searching for your adversary, teasing out high-quality signal from all the noise, and developing new ways to solve hard problems. Your work directly impacts the way millions of people, teams and businesses get things done.
- Develop, implement and automate strategies, creating and tuning tools and rules for detecting and remediating malicious activity
- Strategically define and implement additional detective capabilities or data sources to improve telemetry
- Detect, respond to, investigate and remediate security events, driving all aspects of an incident to closure
- Work in partnership with other teams at Slack to constantly improve our defensive posture
- Investigate alerts from detective telemetry and tune rules to increase fidelity
- Perform retrospective analysis using network, host, memory, and other artifacts from multiple operating systems and applications
- Participate in enterprise-wide operations to hunt for adaptable and previously unknown threats
- Experience tuning, improving and devising new ways to collect signal, reduce noise, and identify suspicious events in an operational production environment
- Experience with log or data analysis, extracting salient data points to determine an event’s impact and root cause
- Intermediate knowledge of Python and Yara, or similar, and application to security problem sets
- Broad exposure to many security disciplines and deeper understanding of models and principles behind core security concepts
- Experience operating in a production environment, with expertise in at least one of: server, network, cloud, database
- Experience with automating detective capabilities and orchestration tools
- Experience performing network- and host-based forensics
- Strong communication and collaboration skills
Slack is where work happens. It connects you with the people and apps you work with every day, no matter where you are or what you do. We believe everyone deserves to work in a welcoming, respectful, and empathetic culture. We live by our values and hire accordingly.
Launched in February 2014, Slack is the fastest growing business application ever and is used by thousands of teams and millions of users every day. Slack's investors include many of the best-recognized firms in the world, including Accel Partners, Andreessen Horowitz, Social+Capital, KPCB, Google Ventures, Horizons Ventures, IVP, Spark Growth, DST, and Index Ventures. We currently have five offices worldwide, in San Francisco, Vancouver, Dublin, Melbourne and New York.
Ensuring a diverse and inclusive workplace where we learn from each other is core to Slack's values. We welcome people of different backgrounds, experiences, abilities and perspectives. We are an equal opportunity employer and a fun place to work. Come do the best work of your life here at Slack.