About the Role
As a member of our security team, you will build secure-by-default, defense-in-depth, and least privilege mechanisms throughout our product lifecycle. You will work closely with engineering teams on security best practices from design and architecture to implementation and monitoring. You will have the opportunity to build from the ground up to experiment and innovate with modern software security practices.
Responsibilities
Create paved roads for engineers to develop securely by default and build guardrails for when we veer off course
Conduct regular architecture reviews and code audits to detect potential threats, risks, and vulnerabilities
Harden our CI/CD pipelines and improve the integrity of Clerkβs software artifacts
Contribute to and improve Clerkβs vulnerability management program including vulnerability disclosure, security scans, and penetration tests
Provide guidance and training to teammates on security best practices and building resiliency into our systems
Collaborate with our Infrastructure team to establish secure infrastructure-as-code modules and minimal base container images
Document secure development policies and practices
Qualifications
Proven experience in a software security, application security, or product security role with 5+ years (use this as a gauge, not a hard requirement) of hands-on experience
Strong empathy with the ability to enable engineers to move quickly and securely, ideally having previously worked as a software engineer
Expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes (e.g. in the OWASP Top 10)
Experience with reading and writing code in Go, TypeScript, or similar languages with the ability to dive into codebases, debug, and suggest fixes
Experience with application security tooling (SAST/SCA/DAST/etc.) and building custom queries using Semgrep/CodeQL/etc.
Experience with authentication and authorization protocols such as OAuth, OpenID Connect, and SAML
Familiarity with Supply-chain Levels for Software Artifacts (SLSA)
Familiarity with Cloud infrastructure platforms, preferably GCP
Benefits
π° Competitive Salary β We want you to know that we value the skills and experience you bring to the table. We go out of our way to make sure that you feel fairly compensated.
π Equity Ownership β At Clerk, we believe in shared success. That's why we offer a stock option plan so that everyone can benefit from the growth and prosperity of the company.
βοΈ Health Coverage β We care about your well-being. That's why we offer top-tier health insurance to ensure that your health needs are fully met.
π§ Work Gear - Set up your ideal home office with the gear of your choice. At Clerk, we want to ensure that you have everything you need to perform at your best.
ποΈ Flexible Vacation Policy β We believe in work-life balance and trust you to take the time you need. Although we recommend 25 days per year, our vacation policy is unlimited. This is in addition to observing national holidays specific to your country of residence.
π Diverse and Inclusive Team β Join our exceptional, diverse, and globally distributed team at Clerk. We are committed to fostering an inclusive environment where everyone can contribute their best in building impactful products and tools for the modern web.
Clerk is an equal opportunity employer that is committed to diversity and inclusion in the workplace. We prohibit discrimination and harassment of any kind based on race, color, sex, religion, sexual orientation, national origin, disability, genetic information, pregnancy, or any other protected characteristic as outlined by federal, state, local or national laws.
This policy applies to all employment practices within our organization, including hiring, recruiting, promotion, termination, layoff, recall, leave of absence, compensation, benefits, training, and apprenticeship. Clerk makes hiring decisions based solely on qualifications, merit, and business needs at the time.