Key skills
AngularNode.jsPostgresSQLAWSSecurity toolsCloud experienceThreat assessmentSecurity problem solvingMentoringAIIAMSaaSSDLC
About this role
ClickUp is a company that is architecting the future of work with their innovative AI workspace. They are seeking a Senior Security Engineer, App Security to build a culture of security enablement and work closely with engineering teams to design and implement secure solutions for their platform.
Responsibilities:
- Design, develop and build security features and defenses that protect the entire scope of the ClickUp platform
- Perform threat models, implementation reviews, and security testing; review requirements and designs
- Design and build tools to help with all stages in security prevention, detection, and response; across the full SDLC from code and test, through to deploy and operate
- Embed yourself into existing engineering and product teams, acting as a "security player-coach"
- Build security automation for and into the ClickUp platform; design and build secure-by-default infrastructure and applications
- Monitor and analyze production security events and, as needed, provide in-depth incident analysis
- Build relationships with other engineers, product managers, data engineers, operators, and security team members to enable shipping a secure product
Requirements:
- Multiple years of experience in technology / software development
- Experience with Angular, Node.js, and PostgresSQL; or similar technologies
- An ability to identify and provide a basic assessment of security threats
- An understanding of security problems, paired with an ability to suggest solutions to software design problems
- Cloud and SaaS experience
- Ability to mentor others on technical topics, including security
- Past experience with pushing technical initiatives; team, project, or indirect management of technology
- Can facilitate a conversation rather than dictate it
- 5+ years of software development experience and 1+ year of security-specific experience
- Experience with security tools; SAST, DAST, RASP, dependency checkers, SIEM
- 2 years of AWS experience; IAM and least-privilege architectures