Product Security Engineer, Clerk

Salary not provided

+ Equity

TypeScript
GCP
Go
Senior and Expert level
Remote in EU, US
Clerk

Identity tool for React applications

21-100 employees

B2B, SaaS, Cyber Security, Identity, Web Design

Company mission

To solve user management so developers can stop re-inventing the wheel and focus on their core business.

Role

Who you are

  • Proven experience in a software security, application security, or product security role with 7+ years (use this as a gauge, not a hard requirement) of hands-on experience
  • Strong empathy with the ability to enable engineers to move quickly and securely, ideally having previously worked as a software engineer
  • Expertise in proactive secure coding practices such as encryption, secrets management, and eliminating vulnerability classes (e.g. in the OWASP Top 10)
  • Experience with reading and writing code in Go, TypeScript, or similar languages with the ability to dive into codebases, debug, and suggest fixes
  • Experience with application security tooling (SAST/SCA/DAST/etc.) and building custom queries using Semgrep/CodeQL/etc.
  • Experience with authentication and authorization protocols such as OAuth, OpenID Connect, and SAML
  • Familiarity with Supply-chain Levels for Software Artifacts (SLSA)
  • Familiarity with Cloud infrastructure platforms, preferably GCP

What the job involves

  • As a member of our security team, you will build secure-by-default, defense-in-depth, and least privilege mechanisms throughout our product lifecycle
  • You will work closely with engineering teams on security best practices from design and architecture to implementation and monitoring
  • You will have the opportunity to build from the ground up to experiment and innovate with modern software security practices
  • Create paved roads for engineers to develop securely by default and build guardrails for when we veer off course
  • Conduct regular architecture reviews and code audits to detect potential threats, risks, and vulnerabilities
  • Harden our CI/CD pipelines and improve the integrity of Clerk’s software artifacts
  • Contribute to and improve Clerk’s vulnerability management program including vulnerability disclosure, security scans, and penetration tests
  • Provide guidance and training to teammates on security best practices and building resiliency into our systems
  • Collaborate with our Infrastructure team to establish secure infrastructure-as-code modules and minimal base container images
  • Document secure development policies and practices

Our take

Authentication is only part of the story when it comes to user management. Developers using API tools also face the complex UI and management issues of additional features like user sign-up, sign-in, and session management, to name a few. Clerk was founded to make this simpler, reducing hours of work to minutes using pre-built React components.

Clerk stands out in a market dominated by the likes of Auth0 and OneSpan with its focus on React rather than API. This taps into a growing number of developers working with Jamstack rather than trying to wrestle customers away from market incumbents - a smart move which has seen its userbase swell by five times, growing to over a million developers.

This rapid growth has attracted investors, and Clerk has recently closed a Series A round. This funding is being used to scale the business with a focus on hiring engineering, sales and product talent. As account security and management will continue to be a major focus for developers going forward, Clerk is well positioned to grow into a major player in this space.

Steph

Company Specialist at Welcome to the Jungle

Insights

Few candidates hear back within 2 weeks

Company

Funding (last 2 of 6 rounds)

  • Jan 2024: $30m, Series B
  • Mar 2023: $15m, Series A

Total funding: $59m

Company benefits

  • Stock option plan. We're all in this together!
  • Gear of your choice for your home office
  • Unlimited vacation policy - 25 days recommended per year plus national holidays in your country of residence. Take time when you need it
  • Be part of a diverse and exceptional team to build an impactful product for the modern web

Company HQ

Design District, San Francisco, CA

Leadership

Colin Sidoti (Lead Clerk)

Previously a web developer with We-Care.com, who then moved into an independent consulting role before co-founding and serving as CTO at Harbor Inc.

Has held various engineering and developer roles, including at Fuzz Productions, hostess.fm, and Inspirato.
