Product Security Engineer, Clerk
+ Equity
Identity tool for React applications
Open for applications
Identity tool for React applications
101-200 employees
Open for applications
+ Equity
101-200 employees
Company mission
To solve user management so developers can stop re-inventing the wheel and focus on their core business.
Role
Who you are
- Proven experience in a software security, application security, or product security role with 7+ years (use this as a gauge, not a hard requirement) of hands-on experience
- Strong empathy with the ability to enable engineers to move quickly and securely, ideally having previously worked as a software engineer
- Expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes (e.g. in the OWASP Top 10)
- Experience with reading and writing code in Go, TypeScript, or similar languages with the ability to dive into codebases, debug, and suggest fixes
- Experience with application security tooling (SAST/SCA/DAST/etc.) and building custom queries using Semgrep/CodeQL/etc
- Experience with authentication and authorization protocols such as OAuth, OpenID Connect, and SAML
- Familiarity with Supply-chain Levels for Software Artifacts (SLSA)
- Familiarity with Cloud infrastructure platforms, preferably GCP
What the job involves
- As a member of our security team, you will build secure-by-default, defense-in-depth, and least privilege mechanisms throughout our product lifecycle
- You will work closely with engineering teams on security best practices from design and architecture to implementation and monitoring
- You will have the opportunity to build from the ground up to experiment and innovate with modern software security practices
- Create paved roads for engineers to develop securely by default and build guardrails for when we veer off course
- Conduct regular architecture reviews and code audits to detect potential threats, risks, and vulnerabilities
- Harden our CI/CD pipelines and improve the integrity of Clerk’s software artifacts
- Contribute to and improve Clerk’s vulnerability management program including vulnerability disclosure, security scans, and penetration tests
- Provide guidance and training to teammates on security best practices and building resiliency into our systems
- Collaborate with our Infrastructure team to establish secure infrastructure-as-code modules and minimal base container images
- Document secure development policies and practices
Our take
Authentication is only part of the story when it comes to user management. Developers using API tools also face the complex UI and management issues of additional features like user sign-up, sign-in, and session management, to name a few. Clerk was founded to make this simpler, reducing hours of work to minutes using pre-built React components.
Clerk stands out in a market dominated by the likes of Auth0 and OneSpan with its focus on React rather than API. This taps into a growing number of developers working with Jamstack rather than trying to wrestle customers away from market incumbents - a smart move which has seen its userbase swell by five times, growing to over a million developers.
This rapid growth has attracted investors, and Clerk closed a Series B round in 2024. This funding is being used to expand the company's services into authorisation - determining a user's permissions as opposed to simply identifying them. As account security and management will continue to be a major focus for developers going forward, Clerk is well positioned to grow into a major player in this space, especially as it continues to expand its product range.
Steph
Company Specialist at Welcome to the Jungle
Company
Funding (last 2 of 6 rounds)
Jan 2024
$30m
SERIES B
Mar 2023
$15m
SERIES A
Total funding: $59m
Company benefits
- Stock option plan. We're all in this together!
- Gear of your choice for your home office
- Unlimited vacation policy - 25 days recommended per year plus national holidays in your country of residence. Take time when you need it
- Be part of a diverse, and exceptional team to build an impactful product for the modern web
Company HQ
Design District, San Francisco, CA
Leadership
Colin Sidoti
(Lead Clerk & Co-Founder)Previously a web developer with We-Care.com, who then moved into an independent consulting role before co-founding and serving as CTO at Harbor Inc.
Braden Sidoti
(CTO & Co-Founder)Has held various engineering and developer roles, including at Fuzz Productions, hostess.fm, and Inspirato.
Share this job
View 1 more job at Clerk