We're looking for a Software Engineer, AppSec for an engineering-focused security team. We are not the prototypical security team: we partner with and embed inside of existing engineering teams at ClickUp.
The security team at ClickUp works to build and share technology including defensive security features and functionality, secure infrastructure and operational tools, security response tooling and processes, and security guidelines and guardrails. Our mission: to help the organization move swiftly and securely by giving them secure paved paths. When something slips through anyway, we do our best to prioritize only the vulnerabilities that are actually exploitable, and we recommend fixes that empathize with the realities of development here.
You will support this mission by thinking like a developer, recommending solutions they can readily adopt, and implementing our own for areas with heightened risk. Your focus on our product engineers will allow them to build and ship secure products based on Angular, Node.js, and PostgreSQL, all hosted in AWS.
You'll be a strategic partner working directly with various engineering teams helping to design, develop and guide teams to secure solutions. We're scaling quickly, and are looking for Security Engineers who aren't afraid of this challenge!
The Role:
You'll perform some mix of the following depending on your skillset:
- Perform threat models, implementation reviews, and security testing; review requirements and designs. (This will be your bread and butter that informs the rest of our work.)
- Keep up with developments in an area of the stack so your recommendations follow existing patterns.
- Design, develop and build security features and defenses that protect the entire scope of the ClickUp platform.
- Design and build tools to help with all stages in security prevention, detection, and response, across the full SDLC from code and test, through to deploy and operate.
- Embed yourself into existing engineering and product teams, acting as a "security player-coach".
- Build security automation for and into the ClickUp platform; design and build secure-by-default infrastructure and applications.
- Monitor and analyze production security events and, as needed, provide in-depth incident analysis.
- Build relationships with other engineers, product managers, data engineers, operators, and security team members to enable shipping a secure product.
Qualifications:
- Multiple years of experience in technology / software development.
- Experience with Angular, Node.js, and PostgreSQL, or similar technologies.
- An ability to identify and provide a basic assessment of security threats.
- An understanding of security problems, paired with an ability to suggest solutions to software design problems.
- Cloud and SaaS experience.
- Ability to mentor others on technical topics, including security.
Desirable:
- Past experience with pushing technical initiatives; team, project, or indirect management of technology.
- Can facilitate a conversation rather than dictate it.
- 5+ years of software development experience and 1+ year of security-specific experience.
- Experience with security tools: SAST, DAST, RASP, dependency checkers, SIEM.
- 2 years of AWS experience; IAM and least-privilege architectures.
If you are a software engineer who is only starting to learn security, please do apply!