Security Engineer - Coinbase Custody

  • Coinbase
  • New York, NY, USA
  • Jun 29, 2018
Full time Security

Job Description

Coinbase stores and secures more digital currency than any company in the world through its brokerage and exchange platforms. Coinbase now leverages its experience in world class digital asset custody security technology to serve institutional customers through its crypto asset custody product.

Trust is our greatest asset, and we maintain that trust by providing industry leading protection of assets under our care.  Security is thus core to our mission and has been a key competitive differentiator for us as we scale. If you’re a security professional looking to fight on the front lines in a high-stakes, we’d like to speak with you about joining our Coinbase Custody security team to secure the assets of our institutional clients.

We work on deployment and security tooling, developer education, security-critical design and code review and good ol-fashioned pentesting.  Our goal is to help our engineers ship safe, resilient code as part of a multi-layered and diverse ecosystem of containerized microservices.


  • Architecture Review and Threat Modeling of custody systems, services, and processes
  • Build/deploy/maintain security controls and instrumentation around custody applications
  • Identify security-critical product features and drive secure, risk-based implementation of those features
  • Maintain a world-class Bug Bounty program
  • Drive company-wide security education, focusing on application security weaknesses


  • Significant experience in at least one of Ruby, Go
  • Understanding of common vulnerabilities in web and mobile applications
  • Great ability to communicate with developers and outside teams
  • Interest in both breaking and building
  • Familiar with coordination of third party security testing and audit
  • Ability to design and support security monitoring operations, infrastructure, and SLAs
  • Owns secure development and operations lifecycle
  • Must be highly technical, hands-on and also capable of generating precise written and oral reports and professional communication for senior level review and client-facing in support of various projects.


  • Experience with Docker security
  • Experience with popular threat modeling systems (STRIDE, Attack Trees, etc)
  • Experience with static analyzers (Brakeman/ESLint/Checkmarx)
  • Experience fuzzing applications and protocols

What to send

  • A resume or LinkedIn profile
  • A link to your GitHub/Stack Overflow/HackerOne profile or something awesome that you've built