Key skills
GoiOSAndroidOWASPPenetration Testing
About this role
Tailscale is building the new Internet by delivering software that makes it easy to securely interconnect people and their devices. They are seeking a talented software engineer specializing in security and privacy to grow their product security team, focusing on improving security properties and supporting engineering decisions with threat modeling and security analysis.
Responsibilities:
- Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth, and implementing them across our codebase
- Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution
- Support engineering decisions with threat modeling and security analysis and expertise
- You will spend at least 50% of your time in this role writing software vs purely operational or governance security responsibilities
Requirements:
- Proficiency developing in at least one programming language (Tailscale uses Go)
- Proficiency developing for at least one application platform (e.g. iOS, Android, web, Windows, macOS, Linux)
- Prior experience in a safety-related technical role, e.g.: application security or application platform security, penetration testing, threat modeling and prioritization, user experience design or research, digital forensics and incident response
- Deep understanding of web application vulnerabilities (e.g., OWASP Top 10), client-side security, and common API security flaws
- Collaborate with engineering teams to promote secure coding practices and provide targeted security guidance and training
- Knowledge of cryptographic primitives and protocols
- Knowledge of common networking protocols
- Ability to give and process constructive feedback
- Ability to work independently and collaboratively
- Flexibility to adjust to the dynamic nature of a startup
- Take a risk-based approach to building security controls, balancing your security expertise and broad technical skillsets with practical, usable solutions