Product Security Engineer

The Development Team ❤️

As a Product Security engineer, you will join our development team that works on OpenZeppelin leading open source libraries and tools for blockchain projects, as well the OpenZeppelin Defender platform which is used to securely code, deploy, and operate smart contracts.
In this role, you will lead product security efforts across all our open source and the Defender platform. You will report to the CTO and work directly which each of the development teams. Responsibilities will include:

• Perform security-focused code reviews.
• Support and consult with product and development teams in the area of application security best practices.
• Lead threat modeling and security reviews.
• Lead in development of automated security testing to validate that secure coding best practices are being used.
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support the bug bounty program.
• Support the preparation of security releases.
• Develop/acquire security training and socialize the material with internal development teams.
• Participate and assist in product design and roadmap to increase application and end-user security.
• Participate in PoC development on new features or techniques to improve security.

You Have

• 5+ years working in product security.
• Familiarity with Ethereum and Solidity security issues and best practices.
• Experience conducting security design and code reviews.
• Experience working with security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Experience with security tools and best practices in AWS.
• Familiarity and ability to explain common security flaws and ways to address them.
• Good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
• Familiarity with relevant security standards such as SOC2 or ISO 27001.
• Strong desire to further your education about and contribute to the blockchain space.
• Excellent and professional English communication skills (written and verbal) — all of our internal and external communication is in English — with an ability to articulate complex topics in a clear and concise manner.
• Prior experience working remotely: strong personal organizational skills, a love for self-time management, and ability to work collaboratively with a team.

Nice to Have

• Development or scripting experience and skills. Familiarity with JavaScript/TypeScript, Rust, and Solidity are preferred.
• Experience in pen testing and/or threat modelling.

Location: 

This is a fully remote position with no travel required but we are only hiring in the following time zone range:

•  UTC -6 to UTC +3

Logistics

Our interview process takes place on Zoom and tends to consist of the following stages:

• Recruiter Call (45 mins)
• Hiring Manager Call (45 mins)
• Team Interview (30 mins)
• Leadership Interview (30 mins)
• Paid work test
• Reference checks

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.