Question: do you guys have a software or product security team? I suggested the roles to workwithus @ Signal on 5/18/2018 and have never seen a public follow-up in the form of career postings.
Asking because such a team may be best equipped to serve as both the support and internal accountability function for such while minimizing business conflicts when engineering is facing challenges integrating security into DevOps natively.
At this point, it's probably warranted; the last time I asked was when Signal was seeing its spree of XSS defects in the desktop app. If Signal has one, a simple "yes" will suffice, but without a reply, I have to assume not.
Given Signal's raison d'être, I would think nearly their entire team is the "security team".
I'm not being entirely facetious either - security is the USP of the product, I really would expect security knowledge and a feeling of responsibility for the product's security to be pervasive throughout the whole team.