Sr. Product Security Engineer

LinkedIn is the world’s largest professional network, built to create economic opportunity
for every member of the global workforce. Our products help people make powerful
connections, discover exciting opportunities, build necessary skills, and gain valuable
insights every day. We’re also committed to providing transformational opportunities for
our own employees by investing in their growth. We aspire to create a culture that’s built on
trust, care, inclusion, and fun – where everyone can succeed. Join us to transform the way
the world works.

At LinkedIn, our approach to flexible work is centered on trust and optimized for culture,
connection, clarity, and the evolving needs of our business. The work location of this role is
hybrid, meaning it will be performed both from home and from a LinkedIn office on select
days, as determined by the business needs of the team.

About the team

LinkedIn's members entrust us with their information every day and we take their security
seriously. Our core value of putting our members first powers all the decisions we make,
including how we manage and protect the data of our members and customers.
Information Security at LinkedIn is dedicated to protecting and securing business-critical
member data and company assets. Our core mission is to empower LinkedIn to create a
secure and thriving platform for every member of the global workforce.

The Product Security team strives to proactively safeguard our products, applications, and
infrastructure by identifying, assessing, and mitigating security and privacy risks. We are
dedicated to protecting our members by researching evolving threats and attack vectors,
identifying vulnerabilities and providing security consultation to minimize potential risks.
We invest significantly in automation and focus on high impact engineering projects that
detect security risks.

Responsibilities:

• Research threats and attack vectors that impact LinkedIn's applications and
infrastructure.
• Assess new and existing applications and system deployments for vulnerabilities
and design flaws and prioritize remediation efforts based on risk.
• Devise and bolster defenses through secure-by-default frameworks, architectures,
and processes.
• Engage with Product, Infrastructure and Engineering teams to build threat models,
design secure systems, perform security penetration tests and secure code reviews
at a recurring cadence.
• Build, maintain and enhance source code scanning capabilities to detect security
vulnerabilities.
• Maintain and build improvements to systems supporting supply chain assurance.
• Design and implement custom solutions that can identify and help mitigate security
vulnerabilities at scale.
• Engage in quarterly purple team activities focused on breaking and hardening
critical systems in the LinkedIn ecosystem.
• Evaluate new products and technologies, including potential acquisitions.
• Respond to external vulnerability researcher inquiries and vulnerability reports.
• Educate and advocate for security improvement throughout the LinkedIn ecosystem
through mentorship and coaching.

Basic Qualifications
• Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field, or equivalent experience
• 4+ years' experience and in-depth knowledge of application security, authentication
and security protocols, cryptography, supply chain security and mobile security.
• 4+ years' experience in various security assessment methodologies such as threat
modeling, design reviews, penetration testing and vulnerability assessment.
• Experience designing and implementing tooling that detects and mitigate security
vulnerabilities
• Experience with programming languages such as Java, GoLang or Python

Preferred Qualifications
• Master’s degree in Information Security, Cybersecurity, Computer Science, or other related technical disciplines.
• 5+ years' experience and in-depth knowledge of application security, authentication.
and security protocols, cryptography, supply chain security and mobile security.
• Experience with security research, bug bounty and CTF competitions
• Experience with codeql, semgrep and GitHub integration workflows
• Ability to work across teams and communicate concisely and clearly to
stakeholders

Suggested Skills:
-Application and Infrastructure Security
-Penetration Testing of applications, cloud infrastructure, and systems components 
-Software development using Python, Go or Java
-Threat modeling and risk assessments

You will Benefit from our Culture:
We strongly believe in the well-being of our employees and their families. That is why we
offer generous health and wellness programs and time away for employees of all levels.

LinkedIn is committed to fair and equitable compensation practices.

The pay range for this role is $121,000 to $198,000. Actual compensation packages are based on several factors that are unique to each candidate, including but not limited to skill set, depth of experience, certifications, and specific work location. This may be different in other locations due to differences in the cost of labor. The total compensation package for this position may also include annual performance bonus, stock, benefits and/or other applicable incentive compensation plans. For more information, visit https://careers.linkedin.com/benefits.

Equal Opportunity Statement
We seek candidates with a wide range of perspectives and backgrounds and we are proud to be an equal opportunity employer. LinkedIn considers qualified applicants without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other legally protected class.

LinkedIn is committed to offering an inclusive and accessible experience for all job seekers, including individuals with disabilities. Our goal is to foster an inclusive and accessible workplace where everyone has the opportunity to be successful.

If you need a reasonable accommodation to search for a job opening, apply for a position, or participate in the interview process, connect with us at accommodations@linkedin.com and describe the specific accommodation requested for a disability-related limitation.

Reasonable accommodations are modifications or adjustments to the application or hiring process that would enable you to fully participate in that process. Examples of reasonable accommodations include but are not limited to:

-Documents in alternate formats or read aloud to you
-Having interviews in an accessible location
-Being accompanied by a service dog
-Having a sign language interpreter present for the interview

A request for an accommodation will be responded to within three business days. However, non-disability related requests, such as following up on an application, will not receive a response.

LinkedIn will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by LinkedIn, or (c) consistent with LinkedIn's legal duty to furnish information.

Pay Transparency Policy Statement
As a federal contractor, LinkedIn follows the Pay Transparency and non-discrimination provisions described at this link: https://lnkd.in/paytransparency.

Global Data Privacy Notice for Job Candidates
This document provides transparency around the way in which LinkedIn handles personal data of employees and job applicants: https://lnkd.in/GlobalDataPrivacyNotice