Senior Security Architect

Rocket.Chat

Remote
  • Job Type: Full-Time
  • Function: IT
  • Post Date: 05/28/2021
  • Website: rocket.chat
  • Company Address: 2711 Centerville Rd, 400, Wilmington, Delaware 19808, US

About Rocket.Chat

Rocket.Chat is a fast-growing enterprise communication and collaboration platform that is now installed on over 500k servers and counts over 12m users worldwide. An active, passionate community of over 1k developer-contributors helps Rocket.Chat’s core team of developers constantly improve the product. Rocket.Chat’s long-term vision is to replace email with a real-time federated communications platform and to establish a marketplace that will nurture app-building and offer services to enable businesses to be built using Rocket.Chat.

Job Description

We are looking for a Senior Security Architect to join us in our mission to make Rocket.Chat the most secure Enterprise communication platform for our millions of users.

You will be responsible for how our product line is developed and architected following best-in-class security practices. 

What you’ll do

As part of our growing security team, you will:

 
  • Develop security training and guidance for internal development teams

  • Maintain handbooks about best security practices

  • Provide subject matter expertise on architecture, authentication and system security

  • Assess security tools and integrate tools as needed into the development process, particularly open-source tools

  • Manage and grow the bug bounty program

  • Help review the most important features and security fixes

What’s required

You have an excellent understanding of the secure architecture of JavaScript web applications. You work in an international team, so fluent English is essential! This position is open for remote work, so there’s no location requirement.

More specifically, we are looking for:

  • Familiarity with common security libraries, security controls, and common security flaws that apply to JavaScript applications. Knowledge of the Meteor framework is beneficial.

  • Ability to discover and patch XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond).

  • Knowledge of common authentication technologies including OAuth, SAML, OTP/TOTP.

  • Knowledge of browser-based security controls such as CSP, HSTS, XFO.

  • There should also be time to participate in development of Rocket.Chat.

  • Code quality

    • Proactively identify and reduce security risks.

    • Find and remove outdated and vulnerable code and code libraries.

  • Communication

    • Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures.

    • Handle communications with independent vulnerability researchers from our HackerOne program and design appropriate mitigation strategies for reported vulnerabilities.

    • Educate other developers on secure coding best practices.

    • Ability to professionally handle communications with outside researchers, users, and customers.

    • Ability to communicate clearly on technical issues.

  • Performance & Scalability

    • An understanding of how to write code that is not only secure but also scales to a large number of users and systems.

Other skills we’re looking for are:

  • Ownership of what you do and the ability to work without close supervision

  • A get-things-done attitude

  • Analytical problem solving

Benefits

Wherever you are, our goal is to make your routine as a Rocketeer enjoyable, exciting and comfortable, so whether you are remote or working from our office in Porto Alegre (Brazil), you’ll receive a set of benefits to improve your work experience! They include: flexible schedule, fun colleagues on 4 continents and a vibrant company culture, celebrations and Happy Hours, no dress code, remote work as you wish, unlimited Paid Time Off, and English and tech courses.

About Rocket.Chat

Today one of the largest open source projects in the world with more than 1000 developers, Rocket.Chat has advanced as a platform that empowers people to collaborate with others, while empowering individual teams to fully customize their platform to meet their unique needs.

 

At Rocket.Chat, we believe in collaborating to create a more collaborative world! See yourself in that? Then apply now!

Disclaimer: Local Candidates Only
This company does NOT accept candidates from outside recruiting firms. Agency contacts are not welcome.