Apply ->
Security Response Engineer
✨ New
📍 City -
Hybrid or Remote
# of Blk Folks
⏰ Deadline
Black Leadership
Black Founder/CEO
Job Description

ClickUp is the world's only all-in-one productivity platform that flexes to the way people want to work. It replaces all individual workplace productivity tools with a single, unified platform including project management, document collaboration, spreadsheets, chat, goals, and more. On a mission to make the world more productive, ClickUp is headquartered in San Diego and scaling remotely and internationally. As one of the fastest-growing SaaS companies in the world, ClickUp helps millions of users to be more productive and save at least one day every week .🦄

ClickUp is on a mission to make the world more productive. We're saving thousands of individuals one day a week with the fastest-growing productivity app of 2020. We're the breakout momentum leader in every G2 category we're in and ready to take off! Our app is the first of its kind to work for everyone from families to Fortune 500 companies.

We're looking for a Security Response Engineer for a brand-new, engineering-focused security team. We partner with and embed inside of existing product and infrastructure platform teams at ClickUp. This role will be one of the early technical hires focused on a Detection and Response Team (DART) initiative. DART would cover Security Engineering Tooling and Product Security Incident Response Team (PSIRT). You will build, design, and operate tools and processes for security monitoring and triage, incident response, and threat intelligence and detection.

You will work to build a culture of security enablement. Your focus on our infrastructure and product engineers will allow them to build and ship secure products based on Angular, Node.js, and PostgresSQL, all hosted in AWS.

You'll be a strategic partner working directly with various engineering teams across customer support, products and infrastructure, DevOps, security, legal, and business leaders. We're scaling quickly, and are looking for Security Response Engineers who aren't afraid of this challenge.

The Role:

Perform some or all of the following, depending on skill-set:

· Outline and create tools for stages in security prevention, detection, and response; across the full SDLC from code and test, through to deploy and operate.

· Craft and build tooling and capabilities for identifying, detecting, investigating, and responding to security events; practices continuous process improvement and practices to help with scaling and security.

· Be the Incident Commander for security-critical incidents and threats; coordinating multi-functional teams including technology, business, and legal stakeholders.

· Craft and build security policies and runbooks / playbooks; build capabilities to automate or assist with their execution.

· Threat hunting; including product and infrastructure suggestions of ways to make attacks noisy and detectable.

· Supervise, analyze, and triage production security events and, as needed, provide in-depth incident analysis.

· Build relationships with other engineers, product managers, data engineers, operators, and security team members to enable shipping a secure product.

· Connect with technical and non-technical stakeholders in a clear and concise manner.

· Participate in incident response on-call rotations.


· 4+ years of experience in technology.

· 2+ years experience with incident response.

· Proven experience with identifying and providing basic assessments of security threats.

· Cloud and SaaS experience.

· Excellent interpersonal skills with an ability to communicate technical concepts clearly and effectively including during times of crisis.

· Ability to mentor others on technical topics, including security.


· Past experience with pushing technical initiatives; team, project, or indirect management of technology.

· 2+ years of software development experience.

· Can facilitate a conversation rather than dictate it.

· Experience with tabletop exercises or other trainings across business areas to ensure operational readiness.

· Experience with Angular, Node.js, and PostgresSQL; or similar technologies.

· 1 year of AWS experience; Elastic Beanstalk, CloudFormation, Security Hub, Inspector, Cloud Trail, Detective.

· Experience with security tools; SAST, DAST, RASP, dependency checkers, SIEM.

· If you are a software engineer or technical project or product manager who is only starting on learning security, please do apply!