Senior Application Security Engineer

USD 130,000-218,000 per year
SENIOR
✅ Remote

Used Tools & Technologies

Not specified

Required Skills & Competences

  • Security @ 4
  • Software Development @ 4
  • Communication @ 4
  • Planning @ 4
  • API @ 4
  • Web3 @ 4
  • Ethereum @ 3
  • Blockchain @ 4
  • AI @ 4

Details

Consensys is the leading blockchain and web3 software company. Through products including the MetaMask platform, Infura, Linea, Diligence, and Phosphor, Consensys builds tools, infrastructure, and apps that scale to onboard large numbers of users and developers. MetaMask aims to create a thriving engineering organization that supports engineers' wellbeing while empowering them to do work they are proud of.

MetaMask has experienced explosive user growth as a cryptographic key manager and web3 application development platform. As this user base continues to grow, it is critical to keep users as safe and secure as possible.

Responsibilities

  • Determine the root cause and severity of vulnerabilities reported via the bug bounty platform.
  • Interface with ethical hackers, triage reports, and guide product engineering teams to resolution.
  • Document identified vulnerabilities so engineering teams can take quick action.
  • Write code to support security engineering projects or fix vulnerabilities in MetaMask client applications, including developing AI tooling for vulnerability determination and resolution.
  • Assess potential security vulnerabilities within applications and work with development teams to ensure remediation within established SLAs.
  • Support product teams by conducting design reviews, threat modeling, security testing, and code reviews.
  • Identify gaps in MetaMask’s secure software development life cycle (SSDLC) and lead efforts to address them.
  • Participate in and contribute to team meetings, roadmap planning, and discussions.
  • Validate that security patches address reported vulnerabilities and test for potential bypasses.
  • Proactively prevent future occurrences through automation, security controls, and developer education.

Requirements

  • 6+ years of experience building and securing software, with at least 4 years in a product security or application security position.
  • Experience securing server-side applications and environments.
  • Experience performing security design reviews, threat modeling, or security testing.
  • Enthusiasm for writing code and helping others do the same.
  • Experience securing web applications and APIs.
  • Relevant knowledge of the modern web and mobile app security landscape, including real-world attacks and mitigations.
  • Solid written and verbal communication skills.
  • Proactiveness and ability to be self-driven in a remote environment.
  • A belief in Consensys' mission and values.
  • Timezone: most timezones will work; some overlap with EU and US-Pacific time zones will be necessary.
  • Employment contingent on background checks (employment, education, criminal record checks).

Nice to have

  • Experience working as a software developer.
  • Familiarity with the Ethereum blockchain and decentralized applications.
  • Being a MetaMask user.

Salary

US pay range (not including bonus, equity or other benefits): $130,000-$218,000 USD (for US-based candidates).

Benefits

  • Competitive benefits package.
  • Equity on joining.
  • Recognition in the blockchain and Web3 ecosystem.
  • Continuous learning & development (Consensys Advance Program, Coursera access).
  • Unlimited vacation/holidays and company "zero productivity" days.
  • Flexible working arrangements and remote-first global team.