Senior Product Security Engineer

CoinList is where the world’s best crypto projects build their communities and early adopters can invest in and trade top-tier digital assets. Our mission is to accelerate the advancement of blockchain technology, by finding the best emerging blockchain projects and helping them succeed. CoinList has become the global leader in new token issuance, helping blue chip projects like Solana, Filecoin, Celo, Dapper Labs, and others raise over $1.1 Billion and connect them with hundreds of thousands of new token holders. And we now support the full lifecycle of crypto investment, from token sales through token distribution, trading, lending, and crypto-specific services such as staking and access to decentralized-finance opportunities. CoinList users trade and store Bitcoin, Ether, and many other popular crypto assets through CoinList.co, CoinList Pro (our full-service exchange), and mobile apps, while also getting exclusive access to the best new tokens before they list on other exchanges.

Unlike other centralized crypto finance platforms, we're not here to just build a bank or a brokerage. We're building the platform for people who are passionate about moving crypto forward, and we’re just getting started. Come join us and propel the future of crypto!

The Opportunity

As a Product Security Engineer at CoinList, you will play a crucial role in two core areas - shipping security focused features and ensuring our code base is developed through activities such as code security testing,  threat modeling, developer security education, integrated testing tooling and more.

Who you are:

• You're an experience developer that has a passion for cyber security - this role will involve shipping product quality code
• You’ve worked on critical product security features in the past or owned parts of the secure SDLC and seek to grow in your security impact
• You are familiar with a variety of different security testing techniques (static / dynamic testing, 3rd party testing) and different secure development standards (OWASP, PCI, NIST, etc)
• You believe in a “push left security approach”  where software security is achieved through integrated tooling and automation that works closely with developers instead of a checkpoint bottleneck with external security teams

What you will do:

• Shipping security enhancing product features
• Building and owning the secure development lifecycle including components such as: developer security education, static/dynamic testing tools, third party testing, integrated CI/CD security checks etc
• Partnering with product teams for secure design and threat modeling 
• Identify and partner with third party security vendors (as needed) to bolster our security capabilities

Requirements:

• Strong development experience with experience shipping production quality code
• Experience with security tools such as web proxies, static and dynamic testing, dependency checkers, etc
• Experience securing modern applications deployed within AWS.
• Experience performing threat modeling activities to determine necessary security controls.
• Experience integrating security testing into the CI/CD pipeline.
• Excellent written and verbal communication skills.
• Ability to work in a fast-paced environment and handle multiple tasks.

As an early employee at CoinList, you will be a critical part of our core team and have a huge influence over the direction of the company. We will compensate you well, invest deeply in your development, and do everything we can to make sure this is the single best work experience of your life. At CoinList, we are proud to be an Equal Opportunity Employer. We celebrate diversity, value our differences, and are committed to creating an inclusive environment for all employees. Base salary range: 150 - 215k + equity + bonus. We are open to a range of background and experience levels for this role. 

#LI-Remote