Head of AppSec (Application Security)

Remote

Applications have closed

Parity

Parity Technologies builds core blockchain infrastructure, from Parity Ethereum, the most advanced Ethereum client, to Polkadot, the next-generation interoperable blockchain network.


Parity is one of the world's most experienced core blockchain infrastructure companies, having built and pioneered some of the most advanced technologies in the blockchain sector. Parity was founded by Dr. Gavin Wood, co-founder and former CTO of Ethereum, the primary engineer behind the Ethereum Virtual Machine (EVM), inventor of the Solidity programming language, and primary author of the Ethereum Yellowpaper.

Based in Berlin, London, and Lisbon with over 340 employees worldwide, Parity has built clients for Ethereum, Bitcoin, and Zcash and has pioneered a completely new, next-generation blockchain protocol with Polkadot and the framework it’s built with, Substrate. Parity builds the open-source technologies needed to power an unstoppable, decentralized web—known as Web3—and helps developers and organizations implement and build upon the Web3 tech stack.

 

About the position:

Parity has a lot of products: blockchain clients written in Rust, mobile apps written in platform-native languages, and browser-based tools and extensions written in JavaScript. We also maintain some crypto and networking libraries (mostly in Rust) and a blockchain framework used by several hundred third-party teams. All of this code needs to be consistently secured, and as Head of AppSec, that would be your job.

What you will do:

  • be that important link helping security researchers (be they independent auditors, bug bounty hunters or even yourself) and engineers in charge of the code understand each other;
  • help teams learn state-of-the-art security practices and embed them into day-to-day work;
  • perform a lot of threat modelling and other pre-audit documentation work to help us get the most bang for the (quite significant) buck we spend on those audits;
  • hone and improve our security-related processes like bug bounty and internal vulnerability response;
  • and of course this is not a single-man job, so you’d be building and growing a team to help you with those challenges.

 

About you:

  • know your security tools and approaches: you should be leading our way when setting up SAST, DAST, fuzzing, property-based testing, symbolic execution, network simulation tools and such;
  • have exposure to cryptography, decentralized networking, and hardware key management solutions;
  • have an understanding of the modern blockchain tech landscape and the new classes of threats it experiences;
  • have experience in threat modelling, red/blue teaming, working with best-in-class independent security teams and turning their findings into actual deployed fixes in our codebase;
  • be able to help with hiring, lead the resulting team and set up security practices all around the company;
  • be a self-starter: most of the time there would be little guidance on which areas to work on first and what to improve there. You’re expected to determine that yourself, keeping company-wide goals in mind, and drive those initiatives to completion.

Nice to have:

  • Rust knowledge;
  • Prior work experience in blockchain/cryptocurrency fields;
  • located in or willing to relocate to Berlin, Germany;
  • A background in open source software development;
  • Passionate about Web 3.0 and what it represents for the future;
  • Have an interest in Parity and accompanying technologies such as Substrate.

 

About working for us:

For everyone who joins us:

  • Competitive remuneration packages, including tokens (where legally possible), based on iterative market research
  • Remote-first, global working environment with flexible hours
  • Collaborative, fast-paced, and self-initiating culture, designed to mimic an open source workflow
  • Energising and collaborative team and company retreats all over the world
  • Opportunity to learn more about Web3 while on the job, with access to some of the brightest minds in this space; we have plenty of educational initiatives such as internal sessions, all-hands, AMAs, hackathons, etc.
  • Teammates who are genuinely excited about their job, impact, and Parity’s mission
  • Opportunity to relocate to Germany or Portugal

For those joining us as employees in Germany, Portugal, or the U.K.:

  • 28 paid vacation days per year
  • Work laptop (macOS or Linux-based) and equipment to enable you to work successfully
  • £2,500 yearly learning and development budget for conferences or courses of your choice



 

Not a perfect match to our requirements? We're still excited to receive your application and hear how you think you can help us achieve our mission.

To see how we use your data please see our Applicant Notice.

 

Tags: Application security Audits Blockchain Crypto Cryptography DAST JavaScript Linux MacOS Open Source Rust SAST

Perks/benefits: Career development Conferences Flex hours Flex vacation Gear Team events

Region: Remote/Anywhere