Product Security Engineer
Remote
About us
Founded in 2015 with the mission to protect the open economy, OpenZeppelin is the world leader in securing blockchain applications and smart contracts.
Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development.
OpenZeppelin’s professional expertise, unified with the Defender developer security platform, integrates through clients’ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely.
Please note: Always refer to OpenZeppelin's official job page for the most accurate information about our open roles, as we have seen multiple third-party job sites posting inaccurate information.
The Development Team ❤️
As a Product Security Engineer, you will join our development team that works on OpenZeppelin's leading open source libraries and tools for blockchain projects, as well as the OpenZeppelin Defender platform, which is used to securely code, deploy, and operate smart contracts.
In this role, you will lead product security efforts across all our open source projects and the Defender platform. You will report to the CTO and work directly with each of the development teams. Responsibilities will include:
- Perform security-focused code reviews.
- Support and consult with product and development teams in the area of application security best practices.
- Lead threat modeling and security reviews.
- Lead the development of automated security testing to validate that secure coding best practices are being used.
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
- Support the bug bounty program.
- Support the preparation of security releases.
- Develop/acquire security training and socialize the material with internal development teams.
- Participate and assist in product design and roadmap to increase application and end-user security.
- Participate in PoC development on new features or techniques to improve security.
You Have
- 5+ years working in product security.
- Familiarity with Ethereum and Solidity security issues and best practices.
- Experience conducting security design and code reviews.
- Experience working with security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
- Experience with security tools and best practices in AWS.
- Familiarity with, and ability to explain, common security flaws and ways to address them.
- Good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, and HTTPS).
- Familiarity with relevant security standards such as SOC2 or ISO 27001.
- Strong desire to further your education about and contribute to the blockchain space.
- Excellent and professional English communication skills (written and verbal) — all of our internal and external communication is in English — with an ability to articulate complex topics in a clear and concise manner.
- Prior experience working remotely: strong personal organizational skills, a love for self-time management, and ability to work collaboratively with a team.
Nice to Have
- Development or scripting experience and skills. Familiarity with JavaScript/TypeScript, Rust, and Solidity is preferred.
- Experience in pen testing and/or threat modeling.
Location:
This is a fully remote position with no travel required, but we are only hiring in the following time zone range:
- UTC -6 to UTC +3
Logistics
Our interview process takes place on Zoom and tends to consist of the following stages:
- Recruiter Call (45 mins)
- Hiring Manager Call (45 mins)
- Team Interview (30 mins)
- Leadership Interview (30 mins)
- Paid work test
- Reference checks
Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.
Benefits
- Company in-person gatherings in different locations around the world 😎
- Fully remote work 🌎
- Flexible time off 🏝
- Paid parental leave for primary or second caregiver 💙
- One time work-from-home equipment stipend of up to $500 USD 🪑
- Co-working (up to $250/month) 👩‍💻
- Medical coverage
- Annual Learning & Development budget 🧠
- Referral program
- Work with a global team in a fast-growing industry 🚀
At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!