Consensys is hiring a Remote Senior Application Security Engineer MetaMask
\nAbout MetaMask\n\nWeโre building for a future where the internet and world economy empowers people through interactions based on consent, privacy, and free association. Where both communities and individuals flourish. To accomplish that, weโre working hard to make web3 accessible for everyone.\n\nMetaMask is both a crypto wallet and a gateway to the decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, protect against economic turmoil, and more. Our browser extension and mobile platforms meet the needs of millions of users and developers across the world.\n\nOriginally a humble key manager, today MetaMask serves over 30 million monthly active users as a decentralized application development platform, an aggregator of decentralized cryptocurrency exchanges, and a decentralized identity manager.\n\n \n\nAbout the Role\n\nMetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.\n\nWe are looking for an Application Security Engineer to join our rapidly growing security team to help embed security into all phases of the software development lifecycle. You would work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards. \n\n\n\nTo apply for this position, you must have:\n\n\n* 6+ years of experience building and securing software, with at least 4 years focusing on web application security.\n\n* Experience performing security design reviews, threat modeling, or security testing.\n\n* Enthusiasm for writing code, and helping others do the same.\n\n* Experienced working with JavaScript code to identify issues.\n\n* Solid written and verbal communication skills.\n\n* Proactiveness and be self-driven to be successful working in a remote environment.\n\n* Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.\n\n* A belief in our mission and values.\n\n\n\n\n\n\n\nNice to have:\n\n\n* Experience working as a software developer.\n\n* Familiarity with the Ethereum blockchain and Decentralized Applications.\n\n* Youโre a MetaMask user!\n\n\n\n\n \n\nResponsibilities\n\n\n* Support product teams as they develop new features by conducting design reviews, threat modeling, security testing, and code reviews.\n\n* Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs.\n\n* Identify gaps in MetaMaskโs secure software development life cycle (SSDLC), and take initiative leading efforts to address them.\n\n* Determine the root cause and severity of vulnerabilities reported to us through our bug bounty platform.\n\n* Participate and contribute to team meetings, roadmap planning, and discussions.\n\n* Validate that security patches address reported vulnerabilities and test for any potential bypasses\n\n* Document identified vulnerabilities in a way that allows for our engineering team to take quick action.\n\n* Proactively prevent future occurrences of a vulnerability through developing automation, security controls, and educating developers.\n\n* Write code to support the development of security engineering projects, or fix vulnerabilities in MetaMask client applications.\n\n* Pave your own path in how you want to make MetaMask more secure. \n\n\n\n\n\n\n\n\nAbout Consensys\n\nOur mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on.\n\nWorking with Consensys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society. \n\nBlockchain tech is just over 10 years old. Ethereum itself is still a toddler and weโre far from reaching our full potential. Youโll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users. \n\nYouโll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects โ challenging you to stay at the top of your game. Youโll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.\n\n \n\nWhy join Consensys? Here are some of the perks of being part of a unique organization like Consensys:\n\nOne of the most recognized tech companies in the blockchain ecosystem globally. A work experience at Consensys is a tremendous reference for your future career. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.\n\nThe forefront of a revolution. We fundamentally believe blockchain is a next generation of technology that can lay the foundation for a more just and equitable society. You can be a part of building the digital economy of tomorrow and radically transforming our society for the better.\n\nA dynamic startup environment with deep roots. We are one of the earliest blockchain companies and a leader in the space. Youโll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. \n\nDeep technical challenges. Blockchain technology is just over 10 years old. Ethereum itself is still a toddler. There is much to be done before these platforms can scale to the order of millions or billions of users. We are building the tools, infrastructure and applications l that are pushing the technology forward.\n\nContinuous learning and improvements. Youโll be constantly exposed to new concepts, ideas and frameworks from your peers and as you work on different projects โ challenging you to stay at the top of your game.\n\n\n\n\nDon't meet all the requirements? Don't sweat it. Weโre passionate about building a diverse team of humans and as such, if you think you've got what it takes for our chaotic-but-fun, remote-friendly, start-up environmentโapply anyway, detailing your relevant transferable skills in your cover letter. While we have a pretty good idea of what we need, we're ready for you to challenge our thinking on who needs to be in this role.\n\nIt is a requirement of employment in this position that applicants will be required to submit to background checks including but not limited to employment, education and criminal record checks. Further details will be provided to applicants that successfully meet the criteria for the position as determined by the company in its sole discretion. By submitting an application for employment, you are acknowledging and consenting to this requirement.\n\nThe salary range for US-based candidates only will be determined throughout the interview process depending on experience and skills. Candidates should anticipate a base salary (not including bonus, equity or other benefits) of $USD $100,000-$201,000\n\nConsenSys is an equal opportunity employer. We encourage people from all backgrounds to apply. We are committed to ensuring that our technology is made available and accessible to everyone. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law. Consensys is aware of fraudulent recruitment practices and we encourage all applicants to review our best practices to protect yourself which can be found (https://consensys.net/careers/best-practices-to-avoid-recruitment-fraud/).\n#LI-HG1\n\n\nThe salary range for US-based candidates only will be determined throughout the interview process depending on experience and skills.\nUS pay range (not including bonus, equity or other benefits)\n\n$100,000โ$201,000 USD\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Design, Web3, Crypto, JavaScript, Education, Mobile, Senior and Engineer jobs that are similar:\n\n
$70,000 — $110,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
\n\n#Location\nGLOBAL - Remote
๐ Please reference you found the job on Remote OK, this helps us get more companies to post here, thanks!
When applying for jobs, you should NEVER have to pay to apply. You should also NEVER have to pay to buy equipment which they then pay you back for later. Also never pay for trainings you have to do. Those are scams! NEVER PAY FOR ANYTHING! Posts that link to pages with "how to work online" are also scams. Don't use them or pay for them. Also always verify you're actually talking to the company in the job post and not an imposter. A good idea is to check the domain name for the site/email and see if it's the actual company's main domain name. Scams in remote work are rampant, be careful! Read more to avoid scams. When clicking on the button to apply above, you will leave Remote OK and go to the job application page for that company outside this site. Remote OK accepts no liability or responsibility as a consequence of any reliance upon information on there (external sites) or here.
Consensys is hiring a Remote Senior Application Security Engineer
\nOur mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on.\n\nWorking with ConsenSys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society. \n\nBlockchain tech is just over 10 years old. Ethereum itself is still a toddler and weโre far from reaching our full potential. Youโll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users. \n\nYouโll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects โ challenging you to stay at the top of your game. Youโll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. ConsenSys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies. \n\nAbout MetaMask\n\nWeโre building for a future where the internet and world economy empowers people through interactions based on consent, privacy, and free association. Where both communities and individuals flourish. To accomplish that, weโre working hard to make web3 accessible for everyone.\n\nMetaMask is both a crypto wallet and a gateway to the decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, protect against economic turmoil, and more. Our browser extension and mobile platforms meet the needs of millions of users and developers across the world.\n\nOriginally a humble key manager, today MetaMask serves over 30 million monthly active users as a decentralized application development platform, an aggregator of decentralized cryptocurrency exchanges, and a decentralized identity manager.\n\nAbout the Role\n\nMetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.\n\nWe are looking for an Application Security Engineer to join our rapidly growing security team to help embed security into all phases of the software development lifecycle. You would work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards.\n\nTo apply for this position, you must have:\n\n\n* 6+ years of work experience in a security domain.\n\n* Experience performing security design reviews, threat modeling, or security testing.\n\n* Enthusiasm for writing code, and helping others do the same.\n\n* Solid written and verbal communication skills.\n\n* Familiarity with the Ethereum blockchain and Decentralized Applications.\n\n* Familiarity with JavaScript & Typescript.\n\n* Proactiveness and be self-driven to be successful working in a remote environment.\n\n* Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.\n\n* A belief in our mission and values.\n\n\n\n\nBonus points:\n\n\n* Blockchain expertise.\n\n* Past experience educating or mentoring.\n\n* Experience working on a development team.\n\n* Youโve found a vulnerability in MetaMask.\n\n* Youโre a MetaMask user!\n\n\n\n\nResponsibilities\n\n\n* Support product teams as they develop new features by conducting design reviews, threat modeling, security testing, and code reviews.\n\n* Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs.\n\n* Identify gaps in MetaMaskโs secure software development life cycle (SSDLC), and take initiative leading efforts to address them.\n\n* Determine the root cause and severity of vulnerabilities reported to us through our bug bounty platform.\n\n* Participate and contribute to team meetings, roadmap planning, and discussions.\n\n* Validate that security patches address reported vulnerabilities and test for any potential bypasses\n\n* Document identified vulnerabilities in a way that allows for our engineering team to take quick action.\n\n* Proactively prevent future occurrences of a vulnerability through developing automation, security controls, and educating developers.\n\n* Write code to support the development of security engineering projects, or fix vulnerabilities in MetaMask client applications.\n\n\n\n\nAbout Consensys\n\nOur mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on.\n\nWorking with Consensys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society. \n\nBlockchain tech is just over 10 years old. Ethereum itself is still a toddler and weโre far from reaching our full potential. Youโll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users. \n\nYouโll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects โ challenging you to stay at the top of your game. Youโll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.\n\nWhy join Consensys? Here are some of the perks of being part of a unique organization like Consensys:\n\nOne of the most recognized tech companies in the blockchain ecosystem globally. A work experience at Consensys is a tremendous reference for your future career. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.\n\nThe forefront of a revolution. We fundamentally believe blockchain is a next generation of technology that can lay the foundation for a more just and equitable society. You can be a part of building the digital economy of tomorrow and radically transforming our society for the better.\n\nA dynamic startup environment with deep roots. We are one of the earliest blockchain companies and a leader in the space. Youโll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. \n\nDeep technical challenges. Blockchain technology is just over 10 years old. Ethereum itself is still a toddler. There is much to be done before these platforms can scale to the order of millions or billions of users. We are building the tools, infrastructure and applications l that are pushing the technology forward.\n\nContinuous learning and improvements. Youโll be constantly exposed to new concepts, ideas and frameworks from your peers and as you work on different projects โ challenging you to stay at the top of your game.\n\nDon't meet all the requirements? Don't sweat it. Weโre passionate about building a diverse team of humans and as such, if you think you've got what it takes for our chaotic-but-fun, remote-friendly, start-up environmentโapply anyway, detailing your relevant transferable skills in your cover letter. While we have a pretty good idea of what we need, we're ready for you to challenge our thinking on who needs to be in this role.\n\nIt is a requirement of employment in this position that applicants will be required to submit to background checks including but not limited to employment, education and criminal record checks. Further details will be provided to applicants that successfully meet the criteria for the position as determined by the company in its sole discretion. By submitting an application for employment, you are acknowledging and consenting to this requirement.\n\nThe salary range for US-based candidates only will be determined throughout the interview process depending on experience and skills. Candidates should anticipate a base salary (not including bonus, equity or other benefits) of $USD [$100,000-$201,000]\n\nConsenSys is an equal opportunity employer. We encourage people from all backgrounds to apply. We are committed to ensuring that our technology is made available and accessible to everyone. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law. ConsenSys is aware of fraudulent recruitment practices and we encourage all applicants to review our best practices to protect yourself which can be found (https://consensys.net/careers/best-practices-to-avoid-recruitment-fraud/).\n\nThe salary range for US-based candidates only will be determined throughout the interview process depending on experience and skills.\nUS pay range (not including bonus, equity or other benefits)\n\n$100,000โ$201,000 USD\n\n\n \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Design, Web3, Crypto, Ethereum, JavaScript, Education, Mobile, Senior and Engineer jobs that are similar:\n\n
$70,000 — $110,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
\n\n#Location\nGLOBAL - Remote
๐ Please reference you found the job on Remote OK, this helps us get more companies to post here, thanks!
When applying for jobs, you should NEVER have to pay to apply. You should also NEVER have to pay to buy equipment which they then pay you back for later. Also never pay for trainings you have to do. Those are scams! NEVER PAY FOR ANYTHING! Posts that link to pages with "how to work online" are also scams. Don't use them or pay for them. Also always verify you're actually talking to the company in the job post and not an imposter. A good idea is to check the domain name for the site/email and see if it's the actual company's main domain name. Scams in remote work are rampant, be careful! Read more to avoid scams. When clicking on the button to apply above, you will leave Remote OK and go to the job application page for that company outside this site. Remote OK accepts no liability or responsibility as a consequence of any reliance upon information on there (external sites) or here.
NPR is hiring a Remote Elections News Apps Developer Temporary
\nPlease submit a cover letter, your resume, portfolio and (if applicable) GitHub profile.\n\nNPRโs News Apps/graphics team is looking for a civic-minded developer to join us to cover the 2024 elections. Our team works on data visualizations, information design, creative story presentations and custom tooling to help tell stories in the NPR newsroom. (You can see some of our past work on our team blog and GitHub sites.) This is a temporary position, starting as soon as possible and running through the end of 2024, and can be based at our Washington, D.C., headquarters or at a remote location in the U.S. approved by NPR.\n\nIn this role, you will have the opportunity to help our audience make sense of the elections, including key issues, results and analysis. Your biggest responsibilities will be to help design and build our results infrastructure for primary season and the general election, and to work on related stories and analysis. You will be assigned other projects as bandwidth permits.\n\nOn this team, you will have to work quickly in a dynamic environment. Members of our team wear many hats โ designer, reporter, data wrangler, developer, cartographer, sysadmin, etc. Depending on your experience and the teamโs needs, youโll also utilize different skills day-to-day. And youโll work closely with various journalists and storytelling units around the NPR organization and across our network of member stations, including photographers and video journalists, beat reporters and show producers, copy editors, digital editors and engagement editors.\n\nThis is a union represented role covered under the terms of a collective bargaining agreement with SAG-AFTRA.\n\nRESPONSIBILITIES\n\n\n* Set up and test our election results data pipeline (using data from the AP elections API and other sources) for primary elections and the November general election\n\n* Build user-facing election results displays for use on NPR.org and member station websites\n\n* Translate editorial goals into sustainable applications and infrastructure.\n\n* Work closely with individual story producers, editors and teammates to identify opportunities for visual storytelling, data visualization and/or analysis\n\n* Assess what work realistically can be executed in the time available and meet agreed-upon deadlines\n\n* Document your work for teammates, newsroom colleagues and/or external audiences, as relevant\n\n* Coach other team members, articulating story, design and code suggestions in a helpful and supportive way\n\n* Maintain and extend the teamโs technical infrastructure and development best practices\n\n\n\n\nThe above duties and responsibilities are not an exhaustive list of required responsibilities, duties and skills. Other duties may be assigned, and this job description can be modified at any time.\n\nMINIMUM QUALIFICATIONS\n\nThree or more years of experience developing for the web in a news, civic or data-related context\n\nEDUCATION REQUIREMENT\n\nBachelorโs degree or equivalent work experience.\n\nWORK LOCATION\n\nRemote Permitted: This is a remote permitted role. This role is based out of our Washington, DC office but the employee may choose to work on a remote basis from a location that NPR approves.\n\nREQUIRED SKILLS\n\n\n* Experience designing interactive or data-heavy projects with a static architecture\n\n* Experience with setting up servers, crons and server-side data processing workflows\n\n* Solid news judgment. You can think of software in terms of the information needs of the audience\n\n* Fluency in JavaScript, HTML5 and CSS3, including responsive web design techniques.\n\n* Proven success implementing complex designs in HTML/CSS\n\n* Experience developing software projects using the Git version control system\n\n* Cultivate and promote diversity, equity, and inclusion in the workplace\n\n* Cultivate and support an inclusive and equitable workplace culture\n\n\n\n\nPREFERRED SKILLS\n\n\n* Experience with the AP elections API\n\n* Experience with Node, EJS and other elements of our technology stack.\n\n* Familiarity with Amazon Web Services and provisioning AWS resources using the console, CLI and API\n\n* Experience working iteratively and collaboratively (for example, using Agile or a similar project management process).\n\n* Experience using web components, including custom elements and shadow DOM, or other JavaScript component frameworks (such as React or Vue).\n\n* Experience with GIS/mapping software such as QGIS, Leaflet, topojson, mapshaper, or ESRI.\n\n* Familiarity with data analysis techniques, especially in command-line or scriptable environments like Jupyter Notebook, Pandas or numpy.\n\n\n\n\nJOB TYPE\n\nThis is a temporary full time position.\n\nCOMPENSATION\n\nHourly Rate: The U.S. based anticipated hourly rate for this opportunity is $46.87-57.69 plus benefits. The range displayed reflects the minimum and maximum hourly rate NPR expects to provide for new hires for the position across all US locations.\n\nBenefits: NPR offers access to comprehensive benefits for employees and dependents. Regular, full-time employees scheduled to work 30 hours or more per week are eligible to enroll in NPRโs benefits options. Benefits include access to health and wellness, paid time off, and financial well-being. Plan options include medical, dental, vision, life/ accidental death and dismemberment, long-term disability, short-term disability, and voluntary retirement savings to all eligible NPR employees. \n\nDoes this sound like you? If so, we want to hear from you. Please submit a cover letter, your resume, portfolio and (if applicable) GitHub profile. \n\n#Salary and compensation\n
No salary data published by company so we estimated salary based on similar jobs related to Design, React, JavaScript, Video and API jobs that are similar:\n\n
$60,000 — $110,000/year\n
\n\n#Benefits\n
๐ฐ 401(k)\n\n๐ Distributed team\n\nโฐ Async\n\n๐ค Vision insurance\n\n๐ฆท Dental insurance\n\n๐ Medical insurance\n\n๐ Unlimited vacation\n\n๐ Paid time off\n\n๐ 4 day workweek\n\n๐ฐ 401k matching\n\n๐ Company retreats\n\n๐ฌ Coworking budget\n\n๐ Learning budget\n\n๐ช Free gym membership\n\n๐ง Mental wellness budget\n\n๐ฅ Home office budget\n\n๐ฅง Pay in crypto\n\n๐ฅธ Pseudonymous\n\n๐ฐ Profit sharing\n\n๐ฐ Equity compensation\n\nโฌ๏ธ No whiteboard interview\n\n๐ No monitoring system\n\n๐ซ No politics at work\n\n๐ We hire old (and young)\n\n
\n\n#Location\nWashington, District of Columbia, United States
๐ Please reference you found the job on Remote OK, this helps us get more companies to post here, thanks!
When applying for jobs, you should NEVER have to pay to apply. You should also NEVER have to pay to buy equipment which they then pay you back for later. Also never pay for trainings you have to do. Those are scams! NEVER PAY FOR ANYTHING! Posts that link to pages with "how to work online" are also scams. Don't use them or pay for them. Also always verify you're actually talking to the company in the job post and not an imposter. A good idea is to check the domain name for the site/email and see if it's the actual company's main domain name. Scams in remote work are rampant, be careful! Read more to avoid scams. When clicking on the button to apply above, you will leave Remote OK and go to the job application page for that company outside this site. Remote OK accepts no liability or responsibility as a consequence of any reliance upon information on there (external sites) or here.