Security Software Engineer

About Tailscale

Tailscale is building the new Internet by delivering software that makes it easy to securely interconnect people and their devices, no matter where they are. From hobbyists to multinational corporations, teams of every size use Tailscale each day to protect their networks, share access to internal tools, and more. We're building a future for the Internet that's easy, sensible, and safe, like it used to be. Founded in 2019 and fully distributed, we're backed by Accel, CRV, Insight, Heavybit, and Uncork Capital.

Job Description

We’re seeking a talented software engineer, specializing in security and privacy, to help grow our product security team. We’re looking for people who can move Tailscale forward while making it safer to use. The abilities to think on your feet, collaborate with highly technical teams, and be comfortable working asynchronously are essential.

Key Responsibilities

• Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth, and implementing them across our codebase.
• Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution.
• Support engineering decisions with threat modeling and security analysis and expertise.
• You will spend at least 50% of your time in this role writing software vs purely operational or governance security responsibilities.

What We Are Looking For

Technical

• Proficiency developing in at least one programming language (Tailscale uses Go)
• Proficiency developing for at least one application platform (e.g. iOS, Android, web, Windows, macOS, Linux)
• Prior experience in a safety-related technical role, e.g.:
  • application security or application platform security
  • penetration testing
  • threat modeling and prioritization
  • user experience design or research
  • digital forensics and incident response
• Deep understanding of web application vulnerabilities (e.g., OWASP Top 10), client-side security, and common API security flaws
• Collaborate with engineering teams to promote secure coding practices and provide targeted security guidance and training
• Knowledge of cryptographic primitives and protocols
• Knowledge of common networking protocols

Team Fit

• Ability to give and process constructive feedback
• Ability to work independently and collaboratively
• Flexibility to adjust to the dynamic nature of a startup
• Take a risk-based approach to building security controls, balancing your security expertise and broad technical skillsets with practical, usable solutions

What We Offer

• An inclusive, flexible environment where you can be your authentic self.
• A competitive total compensation package, including base salary, equity, and variable commission (for quota-based roles).
• Comprehensive group benefits with no waiting period, covering health, vision, dental, and more.
• Remote-first company model, allowing work from anywhere with Wi-Fi, virtual and in-person social events, and corporate co-working access.
• Opportunities for intentional in-person connections at annual company retreats and team off-sites across Canada, the United States, and the United Kingdom.
• Support for personal and professional development with $1500 USD annually for professional development, mentorship, coaching, and internal promotion opportunities.
• Flexible, paid time off program promoting healthy work-life integration.
• A build-your-own home office setup, including a company-owned laptop, monthly home internet reimbursement, and $1000 USD for workstation customization.
• Generous parental leave program from your first day, with top-ups for up to 26 weeks.

Key skills/competency

• Application Security
• Threat Modeling
• Go Programming
• Networking Protocols
• Cryptographic Protocols
• Vulnerability Assessment
• Secure Coding Practices
• API Security
• Client-side Security
• Incident Response