Security Engineer - Application Security

  • Coinbase
  • San Francisco, CA, USA
  • Jun 29, 2018
Full time JAVA Ruby on Rails Security

Job Description

Coinbase stores more digital currency than any company in the world, making us a tier 1 target on the internet. Given breaches are the number one cause of death amongst digital currency companies, security is core to our mission and has been a key competitive differentiator for us as we scale. If you’re a security professional looking to fight on the front lines in a high-stakes, high-intensity environment, we’d like to speak with you about joining our security team.

We’re a small team working with a large engineering group.  We work on deployment and security tooling, developer education, security-critical design and code review and good ol-fashioned pentesting.  Our goal is to help our engineers ship safe, resilient code as part of a multi-layered and diverse ecosystem of containerized microservices.

Responsibilities

  • Build/deploy/maintain security controls and instrumentation around and in our code
  • Consult with engineering teams on security-critical product features
  • Help facilitate our bug bounty program
  • Educate developers

Requirements

  • Significant experience in at least one of Ruby, Go, Node or Java
  • Strong understanding of AWS services and architectures
  • Understanding of common vulnerabilities in web and mobile applications
  • Great ability to communicate with developers
  • Interest in both breaking and building

Preferred

  • Experienced with Docker security
  • Experience with popular threat modeling systems
  • Experience with static analysis
  • Experience fuzzing applications and protocols

What to send

  • A resume or LinkedIn profile
  • A link to your GitHub/Stack Overflow/HackerOne profile or something awesome that you've built
  • A brief answer to the following question: If you were to break into Coinbase, how would you do it?