Product Security Engineer (Remote)

Mattermost, one of Y Combinator's top 100 companies, provides an open source enterprise-grade messaging platform to the world’s leading organizations that allows teams to collaborate securely and privately anywhere. With over 10,000 server downloads / month, our customers include Uber, Samsung, Affirm, the US Department of Defense and more. Our private cloud solutions offer secure, configurable, highly-scalable messaging across web, phone and PC with archiving, search, and deep integrations with hundreds of SaaS and on-premises technologies. Headquartered in Palo Alto, California, our company serves customers around the world with a distributed organization spanning the globe.

We value high impact work, ownership, self-awareness and being focused on customer success. If these values match who you are, we hope you'll learn more about working at Mattermost and come talk to us!

About the Role

Working in open source means your work is publicly visible. Your code will receive both credit and constructive critique from the community. With the right mindset and support, these can lead you to a highly positive working environment and to making the best engineering decisions of your career. Core committers include highly skilled volunteer developers from the community, staff employed by enterprises deploying and investing in Mattermost, as well as staff employed by Mattermost, Inc.

We are looking for an experienced product security engineer with a strong technical background to enhance and develop the security of the Mattermost product and to maintain and extend a security focused culture within the product development teams.


    • Ownership of vulnerability management and mitigation approaches

    • Support threat modeling of in-house developed software components

    • Conduct application security reviews through manual code review or static/dynamic code analysis

    • Architecture and review of security components

    • Provide security training and outreach to internal development teams

    • Develop security guidance documentation

    • Support the development of our application security program

    • Maintain and grow our bug bounty program


    • Bachelor's degree in Computer Science or related fields, or significant professional software development experience

    • Familiarity with common security libraries, security controls, and common security flaws 

    • Experience with static/dynamic analysis, and common exploit tools and methods

    • Experience in one or more programming languages, ideally Go or JavaScript

    • Comfortable with using Git

    • Excellent written and verbal communication skills

    • Demonstrable teamwork skills and resourcefulness

    • Linux experience


    • Experience working in open source communities

    • Experience with OWASP SAMM or other security assessment standards

    • Certifications in the domain of penetration testing, or application security (e.g. OSCP, OSWE, GWAPT, …)

    • Experience with Kubernetes / Docker

    • Participation in Bug Bounties, CTFs or similar activities

We're looking for someone who wants to help us build the future of Mattermost and improve the way the world communicates. The right person in this role has the opportunity to have a huge impact on Mattermost the product, and its many users worldwide, but also on our open source community that has been key to Mattermost's success. If this sounds like you - please apply!
