Security Engineer

At Figment, our mission is to create an Internet that is truly decentralized where users can freely interact, share, collaborate, and exchange goods and services in a trustless environment. We offer staking, middleware, and application layer solutions for token holders and developers investing in and building on Web 3 technologies. Together, we can build a better Internet.

As a member of the Figment Security Management Team, you will be responsible for planning, design, testing, implementation, and maintenance of security systems that monitor and protect the organization from vulnerabilities and threats. Successful applicants must be capable of evaluating systems, applications, and processes to identify common vulnerabilities and weaknesses and work with other departments to provide mitigation strategies.

You will utilize knowledge of security of operating systems, networking and protocols, firewalls, databases and middleware applications, forensics, scripting, and programming to actively monitor, scan and detect vulnerabilities, risks, exposures and intrusions and effectively translate highly technical information to internal customers in a way that supports CIS and broader Figment goals. You will support fellow security and platform engineers, and application developers with remediation recommendations and validation of corrective actions.

What you'll be doing...

• Deploy and maintain security tooling at Figment. (AV/EDR. IDS/IPS, DLP, Logging & Monitoring)
• Document processes, procedures, and workflows for Blue Team operations.
• Partner with engineers to remediate vulnerabilities found in applications and infrastructure.
• Partner with engineers to identify security gaps and integrate security into the software development lifecycle.
• Solid experience in secure coding, cryptography, vulnerability assessment, static and dynamic application security testing.
• Familiarity with encryption fundamentals: PKI, Encryption, Digital Signatures, & Key Management.
• Strong in one or more multi-platform Object-Oriented programming skills e.g., C, C++, Java.
• Perform scheduled technical security exercises, security assessments, and code audits.
• Familiarity with managing infrastructure configuration through infrastructure-as-code principles
• Prepare strategies to protect high risk blockchain keys that have 100% online requirements.
• Communicate the importance of security to the wider organization in a clear and simple way.
• Develop scripts, tools, or methodologies to enhance Figment’s blue teaming processes.

Where you'll be working...

This role will be remote based 

What we’re looking for...

You’ll need to have:

• Bachelor's degree or four or more years of work experience
• Strong technical background and understanding in the areas of Enterprise Infrastructure, Information Security and Automation tools e.g., Terraform, Ansible, Chef, Puppet
• Working knowledge of Cloud Provider security architecture design patterns (AWS, CloudFoundry, Azure etc.)
• Experience in building and maintaining security systems
• Experience with OWASP, static/dynamic analysis, and common security tools.
• Experience in shell scripting or automation of simple tasks using Perl, Python, or Ruby.
• Experience with Red, Blue, or Purple teaming exercises.
• Strong knowledge of tools used for Blue Team operations including SIEM, endpoint protection, network detection, vulnerability scanning, cloud security, forensics and incident response.
• Strong technical writing and communication skills

Even better if you have…

• A degree in a technical field.
• Software Engineering experience
• Solid understanding of public cloud environments including AWS, Azure and GCP.
• Solid understanding of TCP/IP with the ability to perform protocol-level network analysis.
• Solid understanding of various operating systems such as Windows/Linux/MacOS.
• Experience with SOAR, SIEM, threat intelligence platforms, vulnerability assessment tools, Cloud platforms, EDR, Cyber threats and attack vectors, exploitation methods, IOC and TTP's.
• CI/CD development pipeline experience for application security technologies.
• Familiarity with Terraform, Ansible, AWS, Azure, GCP. Kubernetes and Git.
• Familiarity with common virtualization technologies like Docker, Kubernetes, and VMs.
• Industry certifications such as CISSP, PNPT, CRTP, OSCP, AWS Security Specialty, Comptia Security+ or CySA+.
• Knowledge and understanding of security risks involving Web3, blockchain protocols, and smart contracts.

Benefits & Impact 

• Remote First + Hybrid Working Environment: Fully remote first teams with regular team retreats to foster team bonding. 
• Professional Culture: A culture of honesty, professionalism and risk taking in a high growth environment
• Work/Life Flexibility: remote work with a flexible PTO policy - 20 days PTO plus 5 flexible days. 
• Family-Friendly Benefits: best in class parental leave and flexible arrangements 
• Health & Wellness: company-paid medical/vision/dental for employee and family
• Compensation: Comprehensive package including competitive salary, bonus and equity

About Figment

At Figment, our mission is to support the adoption, growth and long term success of the Web 3 ecosystem. This is Figment’s unique approach: we make it simple to build on the next generation of blockchain technology.

We provide enterprise grade node and staking infrastructure and developer tools while also actively participating in community & governance.