Staff Engineer, Product Security

About LinkedIn

LinkedIn is the world’s largest professional network, built to create economic opportunity for every member of the global workforce. Our products help people make powerful connections, discover exciting opportunities, build necessary skills, and gain valuable insights every day. We’re also committed to providing transformational opportunities for our own employees by investing in their growth. We aspire to create a culture that’s built on trust, care, inclusion, and fun – where everyone can succeed. Join us to transform the way the world works.

This location is hybrid in our Mountain View office location.

At LinkedIn, we trust each other to do our best work where it works best for us and our teams. This role offers a hybrid work option, meaning you can both work from home and commute to a LinkedIn office, depending on what’s best for you and when it is important for your team to be together.

About the team

LinkedIn's members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all the decisions we make, including how we manage and protect the data of our members and customers. Information Security at LinkedIn is dedicated to protecting and securing business-critical member data and company assets. Our core mission is to empower LinkedIn to create a secure and thriving platform for every member of the global workforce.

The Product Security team strives to proactively safeguard our products, applications, and infrastructure by identifying, assessing, and mitigating security and privacy risks. We are dedicated to protecting our members by researching evolving threats and attack vectors, identifying vulnerabilities, and providing security consultation to minimize potential risks. We invest significantly in automation and focus on high impact engineering projects that detect security risks. 

Responsibilities:
Research threats and attack vectors that impact LinkedIn's applications and infrastructure. 
Assess new and existing applications and system deployments for vulnerabilities and design flaws and prioritize remediation efforts based on risk. 
Devise and bolster defenses through secure-by-default frameworks, architectures, and processes. 
Engage with Product, Infrastructure and Engineering teams to build threat models, design secure systems, perform security penetration tests and secure code reviews at a recurring cadence.
Build, maintain and enhance source code scanning capabilities to detect security vulnerabilities. 
Maintain and build improvements to systems supporting supply chain assurance. 
Design and implement custom solutions that can identify and help mitigate security vulnerabilities at scale.
Engage in quarterly purple team activities focused on breaking and hardening critical systems in the LinkedIn ecosystem.
Evaluate new products and technologies, including potential acquisitions. 
Respond to external vulnerability researcher inquiries and vulnerability reports. 
Educate and advocate for security improvement throughout the LinkedIn ecosystem through mentorship and coaching. 

Basic Qualifications:
-BA/BS Degree in Computer Science or related technical discipline, or related practical experience.
-4+ years experience and in-depth knowledge of application security, authentication and security protocols, cryptography, supply chain security and mobile security.
-4+ years experience in various security assessment methodologies such as threat modeling, design reviews, penetration testing and vulnerability assessment.
-Experience designing and implementing tooling that detects and mitigate security vulnerabilities
-4+ years of experience with programming languages such as Java, GoLang or Python

Preferred Qualifications:
-MS or PhD in Computer Science or related technical discipline
-Experience with security research, penetration testing, bug bounty and CTF competitions
-Experience with codeql, semgrep and GitHub integration workflows
-Ability to work across teams and communicate concisely and clearly to stakeholders
-8+ years of industry experience in software design, development, and algorithm related solutions.
-8+ years programming experience in object-oriented programming languages such as Python, Java, Javascript, C/C++, C#, Objective-C, or Ruby.

Suggested Skills:
-Application and Infrastructure Security
-Penetration Testing of applications, cloud infrastructure, and systems components 
-Software development using Python, Go or Java
-Threat modeling and risk assessments

You will Benefit from our Culture:

We strongly believe in the well-being of our employees and their families. That is why we offer generous health and wellness programs and time away for employees of all levels.

LinkedIn is committed to fair and equitable compensation practices.

The pay range for this role is $147,000 to $240,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor. The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For more information, visit https://careers.linkedin.com/benefits.

Equal Opportunity Statement
LinkedIn is committed to diversity in its workforce and is proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class. LinkedIn is an Affirmative Action and Equal Opportunity Employer as described in our equal opportunity statement here: https://microsoft.sharepoint.com/:b:/t/LinkedInGCI/EeE8sk7CTIdFmEp9ONzFOTEBM62TPrWLMHs4J1C_QxVTbg?e=5hfhpE. Please reference https://www.eeoc.gov/sites/default/files/2023-06/22-088_EEOC_KnowYourRights6.12ScreenRdr.pdf and https://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf for more information.

LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful.

If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at accommodations@linkedin.com and describe the specific accommodation requested for a disability-related limitation.

Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to:

-Documents in alternate formats or read aloud to you
-Having interviews in an accessible location
-Being accompanied by a service dog
-Having a sign language interpreter present for the interview

A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response.

LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information.

Pay Transparency Policy Statement
As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: https://lnkd.in/paytransparency.

Global Data Privacy Notice for Job Candidates
This document provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: https://lnkd.in/GlobalDataPrivacyNotice