Staff Application Security Engineer
Remote
Toronto,Remote (Canada, US, Europe, UK)
Staff
About the role
Who you are
- Minimum five (5) years of experience as a security engineer
- Minimum two (2) years of experience as a developer
- Thorough knowledge of the OWASP Top 10
- Experience with multiple SAST / SCA tools
- Deep knowledge of the NodeJS ecosystem and its associated security risks (e.g. dependency security risks)
- Knowledge of Typescript
- Minimum two (2) years of working with k8s
- Offensive / adversarial security mindset
- Strong communication skills
- Minimum 1-2 years in crypto / web3
- SIEM experience, preferably something other than Splunk
- AWS or GCP experience highly desirable
- Experience writing custom rules for Semgrep
- Experience with MPC
- Experience with HSMs
- Experience with TEEs
What the job involves
- We are looking for a strong Application Security Engineer, preferably with crypto / web3 experience
- As a Staff Application Security Engineer, you will own the security of the Web2 / off-chain part of our crypto tech stack, including frontend and backend code, with a constant focus on crypto-specific security risks
- Reporting to the CISO, this role is a generalist security engineering role with an AppSec focus, working closely on other security projects on an as-needed basis, including but not limited to optimizing existing monitoring tooling, performing IR, working closely with the IT team, etc
- Because this role will lead and train junior frontend developers in secure coding practices, excellent communication skills and reasonable EQ are a non-negotiable prerequisite for this role
Staff Application Security Engineer
Remote
Toronto,Remote (Canada, US, Europe, UK)
Staff
About the role
Who you are
- Minimum five (5) years of experience as a security engineer
- Minimum two (2) years of experience as a developer
- Thorough knowledge of the OWASP Top 10
- Experience with multiple SAST / SCA tools
- Deep knowledge of the NodeJS ecosystem and its associated security risks (e.g. dependency security risks)
- Knowledge of Typescript
- Minimum two (2) years of working with k8s
- Offensive / adversarial security mindset
- Strong communication skills
- Minimum 1-2 years in crypto / web3
- SIEM experience, preferably something other than Splunk
- AWS or GCP experience highly desirable
- Experience writing custom rules for Semgrep
- Experience with MPC
- Experience with HSMs
- Experience with TEEs
What the job involves
- We are looking for a strong Application Security Engineer, preferably with crypto / web3 experience
- As a Staff Application Security Engineer, you will own the security of the Web2 / off-chain part of our crypto tech stack, including frontend and backend code, with a constant focus on crypto-specific security risks
- Reporting to the CISO, this role is a generalist security engineering role with an AppSec focus, working closely on other security projects on an as-needed basis, including but not limited to optimizing existing monitoring tooling, performing IR, working closely with the IT team, etc
- Because this role will lead and train junior frontend developers in secure coding practices, excellent communication skills and reasonable EQ are a non-negotiable prerequisite for this role