At a Glance
- Tasks: Enhance security across Element and the Matrix ecosystem while leading impactful projects.
- Company: Join a pioneering open-source company focused on secure communication.
- Benefits: Enjoy 40 days of leave, private healthcare, share options, and flexible hours.
- Why this job: Make a real difference in security for major organisations like NATO and the UN.
- Qualifications: Strong security knowledge, offensive experience, and proficiency in Python, Rust, TypeScript, or Go.
- Other info: Remote-first culture with a commitment to equality, diversity, and inclusion.
The predicted salary is between £48,000 and £72,000 per year.
Element was originally created to hire the founding team behind the Matrix protocol - the leading project for open, secure, decentralised communication. Matrix's mission is to make messaging as open as email, allowing everyone to choose where their data is hosted, enjoy private conversations and ultimately be in control of their communications. Element helps large organisations run Matrix at scale. Customers include the French, German and British governments, not to mention NATO and the UN.
The Element Security Team raises security standards across Element and the wider Matrix ecosystem. We have a dual role: owning and delivering projects that materially improve infrastructure, products, and the Matrix protocol, while also acting as advisors and consultants to other teams to ensure security is built in everywhere. The team also serves as the Matrix.org Foundation Security Team with roughly a 50/50 split across activities. Reporting to the Head of Security, we operate with wide scope and high impact. We are a small, pragmatic group that biases to action and values ownership over titles.
Recent work
- Led a critical security release: protocol design input and impact analysis of foundational Matrix changes, embargo coordination.
- Built an SBOM pipeline using syft, grype, and Dependency-Track, plus custom tooling.
- Partnered with Compliance to achieve security certifications, prioritising controls that materially improve risk posture and avoiding box-ticking.
- All this alongside 10-20% time for exploratory research and tooling.
Responsibilities
- Contribute to the continuous penetration testing programme for Element and Matrix.org infrastructure.
- Own vulnerability management: triage, prioritisation, and remediation guidance.
- Embed security into CI/CD and infrastructure-as-code workflows.
- Partner with engineering teams to raise security awareness and embed best practices.
- Conduct security research to identify novel vulnerabilities in infrastructure and code.
- Triage external vulnerability reports and coordinate responses/advisories.
- Deliver customer-facing security features (e.g. SBOMs, advisories).
- Review and support secure development in Python, Rust, TypeScript and Go.
- Support Compliance by implementing and evidencing security controls.
- Contribute to protocol analysis and development with Matrix.org Foundation staff.
Requirements
- Strong grasp of core security principles and common vulnerability classes (across infrastructure, cloud and applications).
- Strong knowledge of network and cloud security, particularly AWS.
- Demonstrable offensive security experience (pentest, bug bounty, or research). Tooling fluency in common pentesting tools (nmap, nuclei, mitmproxy, Burp, ffuf, etc.); bonus points for the ability to script your own.
- Proficiency in at least one of Python, Rust, TypeScript, or Go.
- Experience working with software teams to help them embed security practices into their workflows.
- Comfortable working in a remote-first organisation.
- Based in Europe (including UK).
Nice to have
- Results of prior security research (write-ups, CVEs, exploits). We prefer demonstrated results over certificates.
- Familiarity with the Matrix protocol and/or cryptography.
- Customer-facing security docs or advisory experience.
- Participation in CTF competitions and similar security challenges.
- Knowledge of secure data handling, especially in the context of GDPR.
- Prior experience with achieving security certifications, ideally ISO 27001.
- Open-source security contributions. We are an open source company; an intuitive understanding of what it is to contribute to FOSS projects will be beneficial.
Benefits
- Meaningful, mission-driven work in open source
- 40 days of annual leave (incl. local public holidays)
- Private healthcare (depending on location)
- Share options
- Flexible hours and remote-first culture
- Family-friendly environment
- Annual bonus subject to individual and company performance
Our Values
- We care about the greater good
- We work together in the open
- We are proud of how we serve our customers
- We are ambitious and iterate rapidly
Equality, diversity, and inclusion
Element does not discriminate on the basis of race, sex, colour, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.
Senior Security Engineer employer: Element
Contact Detail:
Element Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land the Senior Security Engineer role
✨Tip Number 1
Network like a pro! Reach out to folks in the industry, especially those already at Element or similar companies. A friendly chat can sometimes lead to insider info about job openings or even a referral!
✨Tip Number 2
Show off your skills! If you’ve got a portfolio of projects or contributions to open-source security tools, make sure to highlight them. We love seeing practical examples of your work that align with our mission.
✨Tip Number 3
Prepare for the interview by brushing up on your knowledge of the Matrix protocol and security principles. We want to see your passion for secure communication and how you can contribute to our goals.
✨Tip Number 4
Don’t forget to apply through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team.
Some tips for your application 🫡
Tailor Your CV: Make sure your CV reflects the skills and experiences that align with the Senior Security Engineer role. Highlight your offensive security experience and any relevant projects you've worked on, especially those involving penetration testing or vulnerability management.
Craft a Compelling Cover Letter: Use your cover letter to tell us why you're passionate about security and how you can contribute to our mission at Element. Share specific examples of your work in security and how it relates to the Matrix protocol or open-source contributions.
Showcase Your Technical Skills: Don’t forget to mention your proficiency in programming languages like Python, Rust, TypeScript, or Go. If you’ve used pentesting tools or have experience with cloud security, make sure to include that too!
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you’re considered for the role. Plus, it shows you’re keen on joining our team!
How to prepare for a job interview at Element
✨Know Your Security Fundamentals
Make sure you have a solid grasp of core security principles and common vulnerability classes. Brush up on your knowledge of network and cloud security, especially AWS, as this will likely come up during the interview.
✨Showcase Your Offensive Security Experience
Be ready to discuss your hands-on experience with penetration testing, bug bounties, or any relevant research. Bring examples of tools you've used, like nmap or Burp, and if you’ve scripted your own tools, definitely mention that!
✨Demonstrate Collaboration Skills
Since the role involves partnering with engineering teams, prepare to share examples of how you've successfully embedded security practices into workflows. Highlight any past experiences where you raised security awareness within a team.
✨Familiarise Yourself with Matrix Protocol
Understanding the Matrix protocol and its security implications can set you apart. If you have any prior experience or insights related to open-source contributions or cryptography, be sure to bring those up during the conversation.