Who we are

Element was originally created to hire the founding team behind the Matrix protocol – the leading project for open, secure, decentralised communication.

Matrix’s mission is to make messaging as open as email, allowing everyone to choose where their data is hosted, enjoy private conversations and ultimately be in control of their communications.

Element helps large organisations run Matrix at scale. Customers include the French, German and British governments, not to mention NATO and the UN.

The Role

The Element Security Team raises security standards across Element and the wider Matrix ecosystem. We have a dual role: owning and delivering projects that materially improve infrastructure, products, and the Matrix protocol, while also acting as advisors and consultants to other teams to ensure security is built in everywhere. The team also serves as the Matrix.org Foundation Security Team with roughly a 50/50 split across activities. Reporting to the Head of Security, we operate with wide scope and high impact. We are a small, pragmatic group that biases to action and values ownership over titles.

Recent work

• Led a critical security release: protocol design input and impact analysis of foundational Matrix changes, embargo coordination.
• https://matrix.org/blog/2025/07/security-predisclosure/
• https://matrix.org/blog/2025/08/project-hydra-improving-state-res/
• Built an SBOM pipeline using syft, grype, and Dependency-Track, plus custom tooling.
• Partnered with Compliance to achieve security certifications, prioritising controls that materially improve risk posture and avoiding boxticking.
• All this along side 10-20% time for exploratory research and tooling.

Responsibilities

• Contribute to the continuous penetration testing programme for Element and Matrix.org infrastructure.
• Own vulnerability management: triage, prioritisation, and remediation guidance.
• Embed security into CI/CD and infrastructure-as-code workflows.
• Partner with engineering teams to raise security awareness and embed best practices.
• Conduct security research to identify novel vulnerabilities in infrastructure and code.
• Triage external vulnerability reports and coordinate responses/advisories.
• Deliver customer-facing security features (e.g. SBOMs, advisories).
• Review and support secure development in Python, Rust, TypeScript and Go.
• Support Compliance by implementing and evidencing security controls.
• Contribute to protocol analysis and development with Matrix.org Foundation staff.

Requirements

• Strong grasp of core security principles and common vulnerability classes (across infrastructure, cloud and applications).
• Strong knowledge of network and cloud security, particularly AWS.
• Demonstrable offensive security experience (pentest, bug bounty, or research). Tooling fluency in common pentesting tools (nmap, nuclei, mitmproxy, Burp, ffuf, etc); bonus points for the ability to script your own.
• Proficiency in at least one of Python, Rust, TypeScript, or Go.
• Experience working with software teams to help them embed security practices into their workflows.
• Comfortable working in a remote-first organisation.
• Based in Europe (including UK).

Nice to have

• Results of prior security research (write-ups, CVEs, exploits). We prefer demonstrated results over certificates.
• Familiarity with the Matrix protocol and/or cryptography.
• Customer-facing security docs or advisory experience.
• Participation in CTF competitions and similar security challenges.
• Knowledge of secure data handling, especially in the context of GDPR.
• Prior experience with achieving security certifications, ideally ISO 27001.
• Open-source security contributions. We are an open source company, an intuitive understanding of what it is to contribute to FOSS projects will be beneficial.

• Meaningful, mission-driven work in open source
• 40 days of annual leave (incl. local public holidays)
• Private healthcare (depending on location)
• Share options
• Flexible hours and remote-first culture
• Family-friendly environment
• Annual bonus subject to individual and company performance

Our Values

• We care about the greater good
• We work together in the open
• We are proud of how we serve our customers
• We are ambitious and iterate rapidly

Equality, diversity, and inclusion

Element does not discriminate on the basis of race, sex, colour, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.

Your personal data will be processed in accordance with our .