Lead Security Researcher and Developer

Job description

Rocket.Chat is looking for a Lead Security Researcher and Developer for the various initiatives that relate to improving Rocket.Chat's security. As the security leader your job will consist of implementing security best practices as well as certifying Rocket.Chat in the various security initiatives, such as HIPAA, Privacy Shield and Cloud Security Alliance, among others.

Rocket.Chat is more than your average company, we are the leading open source team chat platform. When you choose Rocket.Chat, you become part of a global community comprised of a core team, hundreds of open source developers and testers and millions of users.

Rocket.Chat was created in 2015 and later became a company in 2016. Since the beginning our core values have been intrinsically connected to innovation. We have an open mind and accept mistakes, but we get it done, we finish everything we start by taking responsibility and having freedom to try different things. We are happy and have fun doing what we do. We believe in ethics and transparency and we are good people. We think big and take risks, we do not accept things as they are. Last but not least we are committed to our activities and goals, whenever we do something, we do it well done and with quality.

We are building the future of communication and would love to build it with you. Join the largest and most active open source team chat community today.


  • Find and fix security issues in Rocket.Chat
  • Certify Rocket.Chat for various security initiatives
  • Define, implement, and monitor best practices
  • Manage our Hackerone account
  • Perform vulnerability testing, risk analyses, and security assessments
  • Collaborate with colleagues on authentication, authorization and encryption solutions
  • Write documentation around how to maintain a high-level of security
  • Participate in hiring security engineers for your team


  • Experience with securing SaaS environments
  • Experience with HIPAA, Cloud Security Alliance, FINRA, ISO or other certification authorities compliance requirements
  • Experience mitigating and addressing threat vectors including Advanced Persistent Threat (APT), Distributed Denial of Service (DDoS), Phishing, Malicious Payloads, Malware, and in create internal security plans, documentations and tests
  • Familiarity¬†with Splunk, Log Stash or other log management systems
  • Knowledge of hacker methodologies and tactics, system vulnerabilities and key indicators of attacks, compromise, and exfiltration. Ability to understand and weigh business risks and communicate appropriate information security measures
  • This position requires some development experience and high level of familiarity with common security libraries, security controls, and common security flaws that apply to software development
  • Passion for open source
  • Linux and Docker experience