Senior Security Engineer

Strong grasp of core security principles and common vulnerability classes. Strong knowledge of network and cloud security, particularly AWS. Demonstrable offensive security experience (pentest, bug bounty, or research). Tooling fluency in common pentesting tools (nmap, nuclei, mitmproxy, Burp, ffuf, etc). Ability to script your own pentesting tools. Proficiency in at least one of Python, Rust, TypeScript, or Go. Experience working with software teams to help them embed security practices into their workflows.

Contribute to the continuous penetration testing programme for Element and Matrix.org infrastructure. Own vulnerability management: triage, prioritisation, and remediation guidance. Embed security into CI/CD and infrastructure-as-code workflows. Partner with engineering teams to raise security awareness and embed best practices. Conduct security research to identify novel vulnerabilities in infrastructure and code. Triage external vulnerability reports and coordinate responses/advisories. Deliver customer-facing security features (e.g. SBOMs, advisories). Review and support secure development in Python, Rust, TypeScript and Go. Support Compliance by implementing and evidencing security controls. Contribute to protocol analysis and development with Matrix.org Foundation staff.