This description is a summary of our understanding of the job description. Click on 'Apply' button to find out more.

Role Description

Security is core to the product and the reason why millions of people trust Phantom to securely store their crypto assets. As a Security Engineer, you will be responsible for identifying, exploiting and mitigating security vulnerability risks in our software applications, as well as conducting security assessments and investigations. You will work closely with development teams to ensure that security is integrated throughout the software development lifecycle. Join us on our mission to make the digital economy safe and easy to use for everyone.

• Own critical security infrastructure/services for the company (Key Management for wallet infrastructure)
• Perform regular security assessments on new projects, infrastructure and code.
• Identify and mitigate security vulnerabilities in code, systems and networks through manual testing, automated tools, threat modeling and threat intelligence.
• Keep up to date with the latest offensive security techniques, application security threats, and best practices in the blockchain space, and recommend improvements to security posture.
• Write detailed reports of your findings and present them to management and technical teams, and help to prevent real-world attacks.
• Work with development teams to implement secure coding practices and to ensure the integrity of cryptographic functions.
• Collaborate with other teams such as development and platform to ensure that security is integrated throughout the organization.
• Participate in incident response and incident management activities.
• Leading large cross-team projects.

Qualifications

• 7+ years of experience in offensive security techniques, with a focus on blockchain technology and cryptography.
• Experience working with Key Management Services.
• Strong understanding of security risks, vulnerabilities and concepts in web and mobile applications.
• Proficient in code review for JavaScript & Typescript with a strong understanding of application security threats and offensive security techniques.
• Write PoC’s to prove vulnerabilities, review and ensure that patch code meets the standards set by the repository owners and maintainers.
• Strong analytical and problem-solving skills.
• Good verbal and written communication skills.

Requirements

• Nice to have experience working as a security software engineer at crypto companies.
• Experience developing key management solutions.
• Experience working with HSM, trust computing, TEEs (AWS Nitro Enclave or Intel SGX).

Benefits

• Competitive salary and equity.
• Comprehensive insurance (medical/dental/vision) — 100% covered.
• Stipend for your ideal remote set-up.
• Flexible hours and a supportive remote environment.
• Unlimited vacation: Take time when you need it (and we really mean it!).
• 401(k) retirement plan.
• Monthly wellness benefit.
• Weekly meal benefit.
• Global off-sites.