Senior Application Security Engineer

About the Role

MetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.

We are looking for a Senior Application Security Engineer to join our rapidly growing security team to help embed security into all phases of the software development lifecycle. You would work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards. Consenys’s application security team primarily supports MetaMask with opportunities to expand to additional products in the Consensys family.

To apply for this position, you must have:

• 6+ years of experience building and securing software, with at least 4 years in a product security, or application security position.
• Experience securing server-side applications and environments.
• Experience performing security design reviews, threat modeling, or security testing.
• Enthusiasm for writing code, and helping others do the same.
• Experience securing web applications & APIs
• Solid written and verbal communication skills.
• Proactiveness and be self-driven to be successful working in a remote environment.
• Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.
• A belief in our mission and values.

Timezone: Most timezones will work. Regardless of where you are, some overlap with EU and US-Pacific time zones will be necessary. 

Nice to have:

• Experience working as a software developer.
• Familiarity with the Ethereum blockchain and Decentralized Applications.
• You’re a MetaMask user!

Responsibilities

• Determine the root cause and severity of vulnerabilities reported to us through our bug bounty platform.
• Interface with ethical hackers, triage reports, and guide product engineering teams to resolution.
• Document identified vulnerabilities in a way that allows for our engineering team to take quick action.
• Write code to support the development of security engineering projects, or fix vulnerabilities in MetaMask client applications. This includes the development of AI tooling for vulnerability determination and resolution in order to keep pace with the changing AI-powered vulnerability detection landscape.
• Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs.
• Support product teams as they develop new features by conducting design reviews, threat modeling, security testing, and code reviews.
• Identify gaps in MetaMask’s secure software development life cycle (SSDLC), and take initiative leading efforts to address them.
• Participate and contribute to team meetings, roadmap planning, and discussions.
• Validate that security patches address reported vulnerabilities and test for any potential bypasses
• Proactively prevent future occurrences of a vulnerability through developing automation, security controls, and educating developers.
• Pave your own path in how you want to make MetaMask more secure. 

Don't meet all the requirements? Don't sweat it. We’re passionate about building a diverse team of humans and as such, if you think you've got what it takes for our chaotic-but-fun, remote-friendly, start-up environment—apply anyway, detailing your relevant transferable skills in your cover letter. While we have a pretty good idea of what we need, we're ready for you to challenge our thinking on who needs to be in this role.

It is a requirement of employment in this position that applicants will be required to submit to background checks including but not limited to employment, education and criminal record checks. Further details will be provided to applicants that successfully meet the criteria for the position as determined by the company in its sole discretion. By submitting an application for employment, you are acknowledging and consenting to this requirement.

Benefits

Competitive benefits

We have a comprehensive and competitive benefits package to make sure we’re looking after you and what matters most.

Equity

We believe in ownership and want everyone to have a stake in our future success, that’s why you’ll receive equity when you join us.

Recognized in the blockchain and Web3 ecosystem

Working at Consensys is a tremendous reference for your career. You’ll join a network of entrepreneurs and technologists that extends across the global crypto ecosystem.

Continuous learning & opportunities

We provide growth and development opportunities through the Consensys Advance Program, including full access to Coursera & comprehensive learning modules and programs.

Unlimited vacation/holidays

We value downtime to recharge and reset, ensuring everyone at ConsenSys has work/life balance. In addition, company-wide we participate in “zero productivity” days to take a break from work, shut down, and sit back and relax.

Flexible working arrangements

With our global workforce we have fine-tuned asynchronous working which means we have a lot of flexibility in the structure of when we work and how we work together.

Remote first

You’ll be joining a team based all over the world. Providing the unique opportunity to work with people from across 6 continents.