Coinbase Sign In - Offensive Security Engineer, Assessments (Web3)
Upload My Resume
Drop here or click to browse · Tap to choose · PDF, DOCX, DOC, RTF, TXT
Requirements
• Participation in CTFs, bug bounty programs, or open-source security research. • Expertise in Application Security, Network Security, or Cloud Security. • Relevant security certifications (e.g., OSCP, GPEN). • Experience developing and implementing security tooling to support bug bounty triage and analysis. • Experience with bug bounty programs and platforms, including triage, validation, and researcher communication. • Strong analytical skills to identify trends and patterns in bug bounty submissions. • Excellent communication skills to effectively engage with bug bounty researchers.
Responsibilities
• Conduct security assessments of Web3 products and services, including smart contracts, DeFi protocols, and blockchain infrastructure. • Collaborate with partner teams to enhance detection and response capabilities for Web3 vulnerabilities. • Stay informed on emerging security trends, advisories, and academic research in the Web3 space. • Lead Web3 bug bounty triage and validation, ensuring timely and accurate assessments of reported vulnerabilities. • Develop and implement strategies to incentivize high-quality bug bounty submissions and engage with the hacker community. • Manage the Web3 bug bounty program, including scope updates, researcher communication, and payout disbursements. • Analyze bug bounty data to identify trends, common vulnerabilities, and areas for improvement. • Collaborate with engineering teams to prioritize and remediate vulnerabilities identified through the bug bounty program. • Mentor and train junior security engineers in Web3 bug bounty triage and analysis. • Provide on-call support for critical Web3 bug bounty-related incidents. • Document and report on Web3 bug bounty metrics and program effectiveness. • What we look for in you (ie. job requirements): • Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field. • 3+ years of experience in Web3 application security and penetration testing. • Proven track record of identifying critical vulnerabilities across the blockchain protocol stack, Web2, and Web3 components. • Extensive knowledge of the blockchain ecosystem, including L1/L2 networks, DeFi protocols, and staking mechanisms. • Deep understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25). • Strong analytical skills to identify trends and patterns in vulnerabilities. • Excellent communication skills for engaging with internal teams. • Passion for security and a drive to improve Web3 security posture. • Ability to work independently and take ownership of penetration testing initiatives. • Energy and self-drive for continuous learning in the rapidly evolving crypto space. • Excellence in clear, direct, and kind communication with technical and non-technical stakeholders. • Experience building relationships with product, engineering, and security teams.
Benefits
• Medical Plan, Dental and Vision Plan with generous employee contributions • Health Savings Account with company contributions each pay period • Disability and Life Insurance • 401(k) plan with company match • Wellness Stipend • Mobile/Internet Reimbursement • Connections Stipend • Volunteer Time Off • Fertility Counseling and Benefits • Generous Time off/Leave Policy • The option of getting paid in digital currency
No credit card. Takes 10 seconds.