Product Security Engineer
Calendly- Internship
- Mid-level (3 to 4 years), Senior (5 to 8 years)
Candidates should possess proven experience in software security, application security, or product security roles with at least 7 years of hands-on experience, strong empathy, and expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes. They should also have experience with reading and writing code in Go, TypeScript, or similar languages, along with familiarity with application security tooling (SAST/SCA/DAST/etc.) and experience with authentication and authorization protocols like OAuth, OpenID Connect, and SAMLFamiliarity with Supply-chain Levels for Software Artifacts (SLSA) and Cloud infrastructure platforms, preferably GCP.
The Product Security Engineer will create paved roads for engineers to develop securely by default and build guardrails, conduct regular architecture reviews and code audits to detect potential threats and vulnerabilities, harden CI/CD pipelines, contribute to and improve the vulnerability management program, provide guidance and training to teammates on security best practices, collaborate with the Infrastructure team to establish secure infrastructure-as-code modules, document secure development policies and practices, and ultimately ensure the integrity of Clerk’s software artifacts.
Authentication and user management platform
Clerk specializes in offering customizable UIs and APIs for authentication and user management, catering specifically to modern web frameworks like React and Next.js. This focus not only simplifies the authentication process for developers but also enhances security, highlighting the company's dedication to developer experience and robust security measures. Working here means contributing to a company that prides itself on streamlining complex tech processes while prioritizing the safety and usability of web applications—a prime choice for professionals passionate about cutting-edge web technology and user-centric solutions.