Clerk

Product Security Engineer

Remote

Compensation: Not Specified
Experience Level: Internship
Job Type: Full Time
Visa: Unknown
Industries: Cybersecurity, Software Security, Product Security

Position Overview

  • Location Type: Remote
  • Job Type: Full-Time
  • Salary: Competitive (Details not provided)

As a member of our security team, you will build secure-by-default, defense-in-depth, and least privilege mechanisms throughout our product lifecycle. You will work closely with engineering teams on security best practices from design and architecture to implementation and monitoring. You will have the opportunity to build from the ground up to experiment and innovate with modern software security practices.

Requirements

  • Experience: 7+ years of hands-on experience in software security, application security, or product security.
  • Programming Languages: Strong proficiency in Go, TypeScript, or similar languages. Ability to read, write, debug, and suggest fixes in codebases.
  • Security Practices: Expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes (e.g., in the OWASP Top 10).
  • Tooling: Experience with application security tooling (SAST/SCA/DAST/etc.) and building custom queries using Semgrep/CodeQL/etc.
  • Protocols: Familiarity with authentication and authorization protocols such as OAuth, OpenID Connect, and SAML.
  • SLSA: Familiarity with Supply-chain Levels for Software Artifacts (SLSA).
  • Cloud Infrastructure: Familiarity with Cloud infrastructure platforms, preferably GCP.

Responsibilities

  • Create paved roads for engineers to develop securely by default and build guardrails for when we veer off course.
  • Conduct regular architecture reviews and code audits to detect potential threats, risks, and vulnerabilities.
  • Harden our CI/CD pipelines and improve the integrity of Clerk’s software artifacts.
  • Contribute to and improve Clerk’s vulnerability management program including vulnerability disclosure, security scans, and penetration tests.
  • Provide guidance and training to teammates on security best practices and building resiliency into our systems.
  • Collaborate with our Infrastructure team to establish secure infrastructure-as-code modules and minimal base container images.
  • Document secure development policies and practices.

Application Instructions

Application instructions not provided in the job description.

Company Information

  • Benefits:
    • Competitive Salary
    • Equity Ownership
    • Health Coverage
    • Work Gear (Set up your ideal home office)
    • Flexible Vacation Policy (25 days per year recommended)

Skills

Go
TypeScript
Application Security
SAST
SCA
DAST
Semgrep
CodeQL
OAuth
OpenID Connect
SAML
Encryption
Secrets Management
Vulnerability Management
CI/CD Security
Security Architecture
Penetration Testing

Clerk

Authentication and user management platform

About Clerk

Clerk specializes in offering customizable UIs and APIs for authentication and user management, catering specifically to modern web frameworks like React and Next.js. This focus not only simplifies the authentication process for developers but also enhances security, highlighting the company's dedication to developer experience and robust security measures. Working here means contributing to a company that prides itself on streamlining complex tech processes while prioritizing the safety and usability of web applications—a prime choice for professionals passionate about cutting-edge web technology and user-centric solutions.

Headquarters: Virginia Gardens, Florida
Year Founded: 2019
Total Funding: $194.5K
Company Stage: SEED
Industries: Enterprise Software, Cybersecurity
Employees: 501-1,000

Benefits

Competitive salary and equity
Gear of your choice for your home office
Unlimited vacation policy - 25 days recommended per year plus national holidays in your country of residence. Take time when you need i

Risks

Emerging startups offer similar services at lower costs, increasing competition.
Potential vulnerabilities in third-party integrations could expose user data.
Regulatory scrutiny over data privacy practices may impact operations in strict regions.

Differentiation

Clerk offers a comprehensive sign-up and sign-in solution for websites.
Focus on multi-factor authentication enhances user account security against hacking threats.
Device management features provide users control over their account security.

Upsides

Passwordless authentication is gaining traction, enhancing security and user experience.
Global MFA market is projected to reach $20 billion by 2025, boosting demand.
Zero Trust security model adoption increases need for Clerk's verification solutions.
