OpenZeppelin is hiring a Remote Product Security Engineer
About us

Founded in 2015 with the mission to protect the open economy, OpenZeppelin is the world leader in securing blockchain applications and smart contracts.

Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development.

OpenZeppelin's professional expertise, unified with the Defender developer security platform, integrates through clients' development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely.

Please note: Always refer to OpenZeppelin's official job page for the most accurate information about our open roles, as we have seen multiple third party job sites posting inaccurate information.

The Development team Team Blurb

As a Product Security engineer, you will join our development team that works on OpenZeppelin's leading open source libraries and tools for blockchain projects, as well as the OpenZeppelin Defender platform, which is used to securely code, deploy, and operate smart contracts.

In this role, you will lead product security efforts across all our open source projects and the Defender platform. You will report to the CTO and work directly with each of the development teams.

Responsibilities will include:

* Perform security-focused code reviews.
* Support and consult with product and development teams in the area of application security best practices.
* Lead threat modeling and security reviews.
* Lead the development of automated security testing to validate that secure coding best practices are being used.
* Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
* Support the bug bounty program.
* Support the preparation of security releases.
* Develop/acquire security training and socialize the material with internal development teams.
* Participate and assist in product design and roadmap to increase application and end-user security.
* Participate in PoC development on new features or techniques to improve security.

You Have

* 5+ years working in product security.
* Familiarity with Ethereum and Solidity security issues and best practices.
* Experience conducting security design and code reviews.
* Experience working with security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
* Experience with security tools and best practices in AWS.
* Familiarity with, and ability to explain, common security flaws and ways to address them.
* Good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS).
* Familiarity with relevant security standards such as SOC2 or ISO 27001.
* Strong desire to further your education about and contribute to the blockchain space.
* Excellent and professional English communication skills (written and verbal) - all of our internal and external communication is in English - with an ability to articulate complex topics in a clear and concise manner.
* Prior experience working remotely: strong personal organizational skills, a love for self-time management, and ability to work collaboratively with a team.

Nice to Have

* Development or scripting experience and skills. Familiarity with JavaScript/TypeScript, Rust, and Solidity is preferred.
* Experience in pen testing and/or threat modeling.

Location:

This is a fully remote position with no travel required but we are only hiring in the following time zone range:

* UTC -6 to UTC +3

Logistics

Our interview process takes place on Zoom and tends to consist of the following stages:

* Recruiter Call (45 mins)
* Hiring Manager Call (45 mins)
* Team Interview (30 mins)
* Leadership Interview (30 mins)
* Paid work test
* Reference checks

Please let us know if you require any accommodations for the interview process, and we'll do our best to provide assistance.

Benefits

* Company in-person gatherings in different locations around the world
* Fully remote work
* Flexible time off
* Paid parental leave for primary or secondary caregiver
* One time work-from-home equipment stipend of up to $500 USD
* Co-working (up to $250/month)
* Medical coverage
* Annual Learning & Development budget
* Referral program
* Work with a global team in a fast-growing industry

At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!

#Salary and compensation
No salary data was published by the company, so we estimated the salary based on similar jobs related to Design, Testing, Travel, Education and Engineer:

$70,000 - $100,000/year

#Benefits

* 401(k)
* Distributed team
* Async
* Vision insurance
* Dental insurance
* Medical insurance
* Unlimited vacation
* Paid time off
* 4 day workweek
* 401k matching
* Company retreats
* Coworking budget
* Learning budget
* Free gym membership
* Mental wellness budget
* Home office budget
* Pay in crypto
* Pseudonymous
* Profit sharing
* Equity compensation
* No whiteboard interview
* No monitoring system
* No politics at work
* We hire old (and young)

#Location
Worldwide