Senior Application Security Engineer
Berlin ; Erlangen ; San Francisco; Remote
WorldcoinGiving everyone a piece of the future. Worldcoin is a new global currency that will launch by giving a share to everyone, for free
About the Company:
Currently valued at $1B and backed by leading investors like Andreessen Horowitz and Coinbase Ventures, Worldcoin is a new, collectively owned global currency that will be distributed fairly to as many people as possible. Worldcoin will launch by giving a free share to everyone on Earth. We believe that this is an essential step to accelerate the transition towards a more inclusive global economy, providing new ways for everyone to share future prosperity. We hope you’ll join us on our ambitious journey.
About the Orb
Worldcoin's launch requires a "Proof-of-Personhood": a way to determine someone is human (not a bot) and hasn't already claimed their free share of Worldcoin. This is why we developed the Orb.
The Orb is an advanced biometric imaging device, custom-designed for Worldcoin's launch. Orbs are deployed to a global network of operators, who use the device to onboard new Worldcoin users. During this onboarding, the Orb will generate a hash of each user's iris and submit it to Worldcoin's trustless backend (built on Ethereum). For more details on how the Orb is part of Worldcoin's privacy-preserving approach to Proof-of-Personhood, see How the Launch Works.
The Orb solves a fierce combination of engineering and UX challenges, centered around image quality, security, and ease-of-use. Each device has an advanced iris imaging system, designed to work consistently across real-world lighting conditions. An additional suite of sensors feeds into an onboard fraud detection system, enabling use in unsecured environments. These systems are combined in a sleek industrial design with a simple, minimalist user interface.
About the Team
For Worldcoin to launch successfully on a global scale, we need to both ensure fairness and build trust with our users. Therefore, it is essential to prevent fraud, protect privacy, and ensure availability.
Beyond regular company security the goal of security at Worldcoin is to deploy an edge device to unsecured environments. We consider a wide range of threats that span tampering with the device, spoofing the device as well as backend attacks. The cross-disciplinary nature of this team requires interfacing with various other teams across the company including Economics, AI, Backend and Orb Software. We are a small security team and you will have a huge impact!
About the Opportunity
- Perform security-focused code reviews and own the vulnerability management process
- Support and consult with Worldcoin teams in the area of application security, including threat modeling and security reviews
- Grow and develop the secure application design process
- Assist teams in reproducing, triaging, and addressing application security vulnerabilities discovered by internal tools and our bug bounty program.
- Grow and develop the bug bounty program.
- Assist in development of security processes and automated tooling that prevent classes of security issues.
- 6+ years of technical experience with at least 3 years of experience leading efforts in ApplicationSecurity.
- Experience in Programming languages such as Python, Go, and Rust
- Experience with Application Security Testing Tools such as SAST, DAST, IAST or SCA.
- Familiarity with OWASP Top 10 and other Secure Development Life Cycle practices.
- Familiarity with AWS architecture/ecosystem.
- Familiarity with API security
- Code review experience
- Container security experience
- Experience automating services/tools
- Experience leading threat modeling sessions with developers
Nice to have:
- Application security architect and design experience
- Experience as a Security Champion
- Experience with Kubernetes and AWS EKS
- Familiarity with how containers work and how to secure containers.
- One or more of the following AWS certifications: AWS Certified Solutions Architect, AWS Certified Security - Specialty, AWS Certified Developer
- One or more of the following certifications: CISSP, GWAPT, GPEN, CEH, CSSLP, and Sec+.
* Salary range is an estimate based on our salary survey 💰
More jobs like this
Remote- US, Canada, UK, … Remote- US, Canada, UK, Germany Full TimeSenior Senior-levelUSD 56K - 104K * USD 56K+ *
Sr. Software Engineer (Security)Application security Audits Cryptography Machine Learning Open Source OWASP PKI +2
Career development Equity Flex hours Flex vacation Health care +3
Explore more InfoSec/Cybersecurity career opportunities
Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.
- Open Information Security Specialist jobs
- Open Information Security Officer jobs
- Open Staff Product Security Engineer jobs
- Open IT Security Engineer jobs
- Open Head of Information Security jobs
- Open Senior Security Operations Engineer jobs
- Open Senior SOC Analyst jobs
- Open Security Consultant jobs
- Open Senior Information Security Analyst jobs
- Open Lead Security Engineer jobs
- Open Information System Security Officer (ISSO) jobs
- Open Cybersecurity Analyst jobs
- Open Infrastructure Security Engineer jobs
- Open Staff Application Security Engineer jobs
- Open Senior Penetration Tester jobs
- Open Sr. Security Engineer jobs
- Open Senior Information Security Engineer jobs
- Open Senior Infrastructure Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Senior Cybersecurity Engineer jobs
- Open IT Security Analyst jobs
- Open Offensive Security Engineer jobs
- Open Senior Security Analyst jobs
- Open Senior Air Defense/BMD Subject Matter Expert jobs
- Open Electronic Warfare Advanced Tactical Trainer jobs
- Open Clearance-related jobs
- Open GCP-related jobs
- Open Governance-related jobs
- Open Pentesting-related jobs
- Open Network security-related jobs
- Open Risk assessment-related jobs
- Open SaaS-related jobs
- Open Forensics-related jobs
- Open ISO 27001-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Vulnerability management-related jobs
- Open IDS-related jobs
- Open DevOps-related jobs
- Open Cryptography-related jobs
- Open Threat intelligence-related jobs
- Open CISM-related jobs
- Open Analytics-related jobs
- Open Kubernetes-related jobs
- Open APIs-related jobs
- Open TCP/IP-related jobs
- Open IAM-related jobs
- Open CISA-related jobs
- Open IPS-related jobs
- Open DevSecOps-related jobs