Summary
Company Information
We are a team of builders and researchers on a mission to empower enterprises and developers worldwide to access and build on decentralized systems.
Our expertise covers several domains: Ethereum and Starknet protocol engineering, layer-2, cryptography research, protocol research, decentralized finance (DeFi), security auditing, formal verification, real-time monitoring, smart contract development, and dapps and enterprise engineering.
Working to solve some of the most challenging problems in the blockchain space, we frequently collaborate with, such as Ethereum Foundation, Starknet Foundation, Gnosis Chain, Flashbots, Forta Protocol, Lido, EigenLayer, Open Zeppelin, RISCZero, Aleph Zero, and many more.
Today, we are a 350+ strong team working remotely across 66+ countries.
Role Information
We are seeking an experienced Application Security Engineer to enhance the security of our applications. You will be instrumental in integrating security practices into the software development lifecycle (SDLC) and protecting against potential vulnerabilities.
Responsibilities:
Conduct thorough vulnerability assessments for web applications, identifying, reproducing, and resolving security vulnerabilities.
Address false positives / negatives to filter and fine tune found vulnerabilities.
Develop, implement, and maintain secure coding practices.
Integrate security measures within the software development lifecycle in collaboration with remote development teams.
Perform security-focused code reviews and support threat modeling activities.
Lead the implementation and maintenance of automated security testing tools for applications.
Lead red-team exercises to evaluate and improve security postures.
Stay updated with the latest security threats, trends, and technologies.
Mentor and provide guidance to junior security team members when necessary.
Participate in the design and planning phases to ensure security considerations are addressed early.
Must Haves:
Minimum of 5 years of application security experience.
Strong knowledge of web application security, including OWASP Top 10 vulnerabilities.
Experience with security tools and best practices in cloud environments (particularly AWS and GCP).
Familiarity with SAST (Static Application Security Testing), DAST (Dynamic Application Security Testing), Software Composition Analysis (SCA) practices.
Understanding of container security technologies such as Docker or Kubernetes.
Knowledge of network and web-related protocols (TCP/IP, UDP, HTTP, HTTPS).
Familiarity with security standards and compliance frameworks like SOC2, ISO 27001, or NIST.
Excellent written and verbal communication skills.
Strong analytical and problem-solving skills.
Ability to work independently and manage tasks effectively.
Proficiency in English for clear and concise communication.
Ability to work independently and manage tasks effectively in a distributed team.
Self-motivated with excellent time management skills suited for asynchronous work.
Strong organizational skills and a proactive approach to addressing challenges.
Nice to Haves:
General understanding of the blockchain ecosystem and the Ethereum network as well as smart contract auditing.
Development or scripting experience, preferably in languages such as JavaScript, TypeScript, Python, Go.
Experience with secure implementation of authentication and authorization systems (OAuth, JWT, SSO).
Experience in penetration testing using various techniques, including Living Off The Land (LOTL).
Experience with threat modeling frameworks, such as STRIDE and PASTA.
This position offers the opportunity to contribute to cutting-edge projects and work with a dynamic team dedicated to maintaining the highest security standards. Join us to play a pivotal role in safeguarding our applications and supporting the broader blockchain community.