Roles and Responsibilities - Security

Each role in our security team plays an essential part in safeguarding our software, infrastructure, and data. By working collaboratively across departments, we ensure that security is embedded at every level of our organization. Below is a breakdown of the key roles within the security team, each designed to address different aspects of our security strategy. Career level definitions for security are the same as the ones seen in the career path.

👨🏻‍✈️ Head of Security

The Head of Security at Rocket.Chat is responsible for the strategic direction, management, and operational effectiveness of all security functions within the organization. This includes overseeing Application Security, Blue Team (Defensive Security), Red Team (Offensive Security), and Governance, Risk, and Compliance (GRC) programs. This position collaborates closely with cross-functional teams to safeguard our software development lifecycle, internal systems, and data, while fostering a security-first culture across the company.

🔬 Application Security Engineer

Application Security Engineers (sometimes also referred to as Product Security Engineers) are responsible for ensuring that Rocket.Chat’s software is secure throughout its development lifecycle. This includes designing and implementing security measures to identify, assess, and mitigate vulnerabilities in the codebase. They work closely with software developers and DevOps teams to integrate secure coding practices, conduct code reviews, perform vulnerability assessments, and advise on secure architecture. The Application Security Engineer also monitors new threats in the application space and implements strategies to address them proactively.

⚔️ Offensive Security Engineer

Offensive Security Engineers focus on identifying and exploiting vulnerabilities within Rocket.Chat’s systems through penetration testing, red teaming, and other offensive security techniques. Their role is to simulate cyberattacks to discover weaknesses before they can be exploited by malicious actors.

🛡️ Defensive Security Engineer

Defensive Security Engineers are responsible for monitoring, defending, and enhancing the organization’s network and infrastructure against cyber threats. This role involves managing intrusion detection systems, security information and event management (SIEM) systems, and other security tools to detect and respond to threats in real time. They may conduct vulnerability audits and work on incident response processes. The Defensive Security Engineer also collaborates with other security teams to implement security controls, perform threat hunting, and ensure compliance with security policies.

🎓 Security Intern

The Security Intern at Rocket.Chat plays a supportive role in the security team, assisting with a variety of tasks across all areas of security. The Security Intern works closely with engineers of different levels, helping with routine security tasks such as conducting basic vulnerability scans, assisting in the preparation of security documentation, resolving security alerts, and similar work. While the Security Intern does not focus on a specific security area, they gain exposure to all aspects of security.