View All Jobs 170324

Senior Security Engineer - Remote Eligible

Contribute to security research and vulnerability management for Matrix protocol infrastructure
Remote
Senior
yesterday
Element

Element

Element.io offers secure, decentralized, and interoperable communication via an open-source, end-to-end encrypted messaging and collaboration platform.
1 Similar Job at Element

Element Security Team Position

Element was originally created to hire the founding team behind the Matrix protocol – the leading project for open, secure, decentralised communication.

Matrix's mission is to make messaging as open as email, allowing everyone to choose where their data is hosted, enjoy private conversations and ultimately be in control of their communications.

Element helps large organisations run Matrix at scale. Customers include the French, German and British governments, not to mention NATO and the UN.

The Role

The Element Security Team raises security standards across Element and the wider Matrix ecosystem. We have a dual role: owning and delivering projects that materially improve infrastructure, products, and the Matrix protocol, while also acting as advisors and consultants to other teams to ensure security is built in everywhere. The team also serves as the Matrix.org Foundation Security Team with roughly a 50/50 split across activities. Reporting to the Head of Security, we operate with wide scope and high impact. We are a small, pragmatic group that biases to action and values ownership over titles.

Recent Work

  • Led a critical security release: protocol design input and impact analysis of foundational Matrix changes, embargo coordination.
  • Built an SBOM pipeline using syft, grype, and Dependency-Track, plus custom tooling.
  • Partnered with Compliance to achieve security certifications, prioritising controls that materially improve risk posture and avoiding boxticking.
  • All this along side 10-20% time for exploratory research and tooling.

Responsibilities

  • Contribute to the continuous penetration testing programme for Element and Matrix.org infrastructure.
  • Own vulnerability management: triage, prioritisation, and remediation guidance.
  • Embed security into CI/CD and infrastructure-as-code workflows.
  • Partner with engineering teams to raise security awareness and embed best practices.
  • Conduct security research to identify novel vulnerabilities in infrastructure and code.
  • Triage external vulnerability reports and coordinate responses/advisories.
  • Deliver customer-facing security features (e.g. SBOMs, advisories).
  • Review and support secure development in Python, Rust, TypeScript and Go.
  • Support Compliance by implementing and evidencing security controls.
  • Contribute to protocol analysis and development with Matrix.org Foundation staff.
+ Show Original Job Post
Suggest a correction
























Senior Security Engineer - Remote Eligible
Remote
Engineering
Apply to job
About Element
Element.io offers secure, decentralized, and interoperable communication via an open-source, end-to-end encrypted messaging and collaboration platform.