Senior Application Security Engineer - MetaMask

About MetaMask

We’re building for a future where the internet and world economy empowers people through interactions based on consent, privacy, and free association. Where both communities and individuals flourish. To accomplish that, we’re working hard to make web3 accessible for everyone.

MetaMask is both a crypto wallet and a gateway to the decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, protect against economic turmoil, and more. Our browser extension and mobile platforms meet the needs of millions of users and developers across the world.

Originally a humble key manager, today MetaMask serves over 30 million monthly active users as a decentralized application development platform, an aggregator of decentralized cryptocurrency exchanges, and a decentralized identity manager.

About the Role

MetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.

We are looking for an Application Security Engineer to join our rapidly growing security team to help embed security into all phases of the software development lifecycle. You would work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards. 

To apply for this position, you must have:

• 6+ years of experience building and securing software, with at least 4 years focusing on web application security.
• Experience performing security design reviews, threat modeling, or security testing.
• Enthusiasm for writing code, and helping others do the same.
• Experienced working with JavaScript code to identify issues.
• Solid written and verbal communication skills.
• Proactiveness and be self-driven to be successful working in a remote environment.
• Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.
• A belief in our mission and values.
  
  

Nice to have:

• Experience working as a software developer.
• Familiarity with the Ethereum blockchain and Decentralized Applications.
• You’re a MetaMask user!

Responsibilities

• Support product teams as they develop new features by conducting design reviews, threat modeling, security testing, and code reviews.
• Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs.
• Identify gaps in MetaMask’s secure software development life cycle (SSDLC), and take initiative leading efforts to address them.
• Determine the root cause and severity of vulnerabilities reported to us through our bug bounty platform.
• Participate and contribute to team meetings, roadmap planning, and discussions.
• Validate that security patches address reported vulnerabilities and test for any potential bypasses
• Document identified vulnerabilities in a way that allows for our engineering team to take quick action.
• Proactively prevent future occurrences of a vulnerability through developing automation, security controls, and educating developers.
• Write code to support the development of security engineering projects, or fix vulnerabilities in MetaMask client applications.
• Pave your own path in how you want to make MetaMask more secure. 

About Consensys

Our mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on.

Working with Consensys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society. 

Blockchain tech is just over 10 years old. Ethereum itself is still a toddler and we’re far from reaching our full potential. You’ll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users. 

You’ll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects — challenging you to stay at the top of your game. You’ll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.

Why join Consensys? Here are some of the perks of being part of a unique organization like Consensys:

One of the most recognized tech companies in the blockchain ecosystem globally. A work experience at Consensys is a tremendous reference for your future career. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.

The forefront of a revolution. We fundamentally believe blockchain is a next generation of technology that can lay the foundation for a more just and equitable society. You can be a part of building the digital economy of tomorrow and radically transforming our society for the better.

A dynamic startup environment with deep roots. We are one of the earliest blockchain companies and a leader in the space.  You’ll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem.  

Deep technical challenges. Blockchain technology is just over 10 years old. Ethereum itself is still a toddler. There is much to be done before these platforms can scale to the order of millions or billions of users. We are building the tools, infrastructure and applications l that are pushing the technology forward.

Continuous learning and improvements. You’ll be constantly exposed to new concepts, ideas and frameworks from your peers and as you work on different projects — challenging you to stay at the top of your game.

Don't meet all the requirements? Don't sweat it. We’re passionate about building a diverse team of humans and as such, if you think you've got what it takes for our chaotic-but-fun, remote-friendly, start-up environment—apply anyway, detailing your relevant transferable skills in your cover letter. While we have a pretty good idea of what we need, we're ready for you to challenge our thinking on who needs to be in this role.

It is a requirement of employment in this position that applicants will be required to submit to background checks including but not limited to employment, education and criminal record checks. Further details will be provided to applicants that successfully meet the criteria for the position as determined by the company in its sole discretion. By submitting an application for employment, you are acknowledging and consenting to this requirement.

The salary range for US-based candidates only will be determined throughout the interview process depending on experience and skills. Candidates should anticipate a base salary (not including bonus, equity or other benefits) of $USD $100,000-$201,000

ConsenSys is an equal opportunity employer. We encourage people from all backgrounds to apply. We are committed to ensuring that our technology is made available and accessible to everyone. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law. Consensys is aware of fraudulent recruitment practices and we encourage all applicants to review our best practices to protect yourself which can be found (https://consensys.net/careers/best-practices-to-avoid-recruitment-fraud/).
#LI-HG1