Senior Security Engineer at Rocket.Chat

This position is for applicants in Latin America. 

We are looking for a full-time highly skilled and dedicated Senior Security Engineer to join our cybersecurity team in our mission to make Rocket.Chat the most secure Enterprise communication platform for our millions of users. 

As a Senior Security Engineer, you will be responsible for implementing and maintaining robust security measures to safeguard our organization's critical assets from cyber threats. You will play a crucial role in identifying security vulnerabilities, analyzing security incidents, and proactively implementing security controls to protect our infrastructure, applications, and data.

Mandatory Hard Skills 🎯

• Fluent English;
• Understanding of secure architecture of JavaScript web applications;
• Familiar with common security libraries, security controls, and common security flaws that apply to JavaScript applications;
• Ability to discover and patch XSS, CSRF, SSRF, authentication and authorization flaws, and other web-based security vulnerabilities (OWASP Top 10 and beyond);
• Knowledge of common authentication technologies including OAuth, SAML, OTP/TOTP;
• Knowledge of browser-based security controls such as CSP, HSTS, and XFO;
• Experience in identifying and reducing security risks in our code;
• Experience in finding and replacing outdated and vulnerable code and code libraries;
• Ability to professionally handle communications with outside researchers, users, and customers;
• Ability to communicate clearly on technical issues.

Desirable Hard Skills 💕 

•  Knowledge of Meteor framework is a plus;

Soft Skills ✨

• Communication
• Collaboration
• Critical thinking
• Presentation skills

What You'll Do 🖥️

• Design and implement a comprehensive vulnerability management program to identify and assess security weaknesses in our systems and applications;
• Conduct regular vulnerability scans, penetration tests, and security assessments to evaluate the organization's security posture;
• Collaborate with cross-functional teams to prioritize and remediate identified vulnerabilities, ensuring timely resolution;
• Track and monitor the progress of vulnerability remediation efforts and provide regular status updates to management;
• Lead application security reviews, code reviews, and threat modelling exercises to identify potential security issues during the software development lifecycle;
• Develop and enforce secure coding practices, guidelines, and standards for developers to follow;
• Work closely with development teams to integrate security measures and best practices into the software development process;
• Conduct security testing of applications, APIs, and web services to detect and address security vulnerabilities;
• Consult with other Developers and Product Managers to analyze and propose application security standards, methods, and architectures;
• Handle communications with independent vulnerability researchers (from our bug bounty program and other sources) and design appropriate mitigation strategies for reported vulnerabilities;
• Educate other developers on secure coding best practices.