We are seeking a Senior Security Engineer interested in all aspects of blockchain and smart contract security. You should ideally have knowledge of both academic cryptography and practical computer security. You should be able to code attacks by hand, manage our HackerOne queue, and work with outside security consultants and penetration testers as necessary. Blockchain and smart contract experience is a plus, but by no means a prerequisite as it’s a young field.
You should learn fast, think on your feet, and be comfortable in a startup environment. We’re happy to have you work remote, but we’d ask that you travel to San Francisco for an initial orientation session.
1) As a security engineer on our team you will have an opportunity to be both builder and breaker
2) As a builder you will help our engineers harden all our systems, with a particular focus on private key management
3) As a breaker you will perform ongoing security reviews and penetration tests
4) Because security and cryptography is such an important part of the blockchain space, you'll get the opportunity to stay up to date on the latest research
5) Finally, you'll manage our HackerOne queue and work with outside vendors as necessary
1) BS/MS/PhD degree in CS or an allied discipline - or the equivalent in independent experience
2) Proficiency in a modern high-level language like Python, Ruby, Go, or Node.js (and, ideally, C++ as well)
3) Experience with incident detection, incident response, forensics, and threat modeling
4) Practical experience with AWS/Cloudflare and DDOS attack mitigation
5) Expertise in traditional web app/OWASP-type security, both in terms of testing for vulnerabilities and remediating them
6) Desire to build security controls, logging, and instrumentation on our codebase
7) A practical understanding of how the primitives from academic cryptography work (eg hashes, digital signatures, etc). Bonus points for published cryptography papers or open source code.