Product Security Engineer

About us

Founded in 2015 with the mission to protect the open economy, OpenZeppelin is the world leader in securing blockchain applications and smart contracts.

Its bedrock open source Contract Libraries are a public good and industry standard for smart contract development.

OpenZeppelin’s professional expertise, unified with the Defender developer security platform, integrates through clients’ development lifecycles, so teams can plan, code, audit, deploy and operate projects faster and more safely.

Please note: Always refer to OpenZeppelin's official job page for the most accurate information about our open roles, as we have seen multiple third party job sites posting inaccurate information.

The Development team Team Blurb ❤️

As a Product Security engineer, you will join our development team that works on OpenZeppelin leading open source libraries and tools for blockchain projects, as well the OpenZeppelin Defender platform which is used to securely code, deploy, and operate smart contracts.
In this role, you will lead product security efforts across all our open source and the Defender platform. You will report to the CTO and work directly which each of the development teams. Responsibilities will include:

• Perform security-focused code reviews.
• Support and consult with product and development teams in the area of application security best practices.
• Lead threat modeling and security reviews.
• Lead in development of automated security testing to validate that secure coding best practices are being used.
• Assist teams in reproducing, triaging, and addressing application security vulnerabilities.
• Support the bug bounty program.
• Support the preparation of security releases.
• Develop/acquire security training and socialize the material with internal development teams.
• Participate and assist in product design and roadmap to increase application and end-user security.
• Participate in PoC development on new features or techniques to improve security.

You Have

• 5+ years working in product security.
• Familiarity with Ethereum and Solidity security issues and best practices.
• Experience conducting security design and code reviews.
• Experience working with security libraries and tools (e.g. static analysis tools, proxying / penetration testing tools).
• Experience with security tools and best practices in AWS.
• Familiarity and ability to explain common security flaws and ways to address them.
• Good understanding of network and web related protocols (such as TCP/IP, UDP, HTTP, HTTPS, protocols).
• Familiarity with relevant security standards such as SOC2 or ISO 27001.
• Strong desire to further your education about and contribute to the blockchain space.
• Excellent and professional English communication skills (written and verbal) — all of our internal and external communication is in English — with an ability to articulate complex topics in a clear and concise manner.
• Prior experience working remotely: strong personal organizational skills, a love for self-time management, and ability to work collaboratively with a team.

Nice to Have

• Development or scripting experience and skills. Familiarity with JavaScript/TypeScript, Rust, and Solidity are preferred.
• Experience in pen testing and/or threat modeling.

Location:

This is a fully remote position with no travel required but we are only hiring in the following time zone range:

• UTC -6 to UTC +3

Logistics

Our interview process takes place on Zoom and tends to consist of the following stages:

• Recruiter Call (45 mins)
• Hiring Manager Call (45 mins)
• Team Interview (30 mins)
• Leadership Interview (30 mins)
• Paid work test
• Reference checks

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.

Benefits

• Company in-person gatherings in different locations around the world 😎
• Fully remote work 🌎
• Flexible time off 🏝
• Paid parental leave for primary or second caregiver 💙
• One time work-from-home equipment stipend of up to $500 USD 🪑
• Co-working (up to $250/month) 👩‍💻
• Medical coverage
• Annual Learning & Development budget 🧠
• Referral program
• Work with a global team in a fast-growing industry 🚀

At OpenZeppelin, we are an equal opportunity employer and we value different perspectives. We are committed to building a diverse workforce. This includes but is not limited to gender, race, sexual orientation, religion, national origin and other characteristics that make each one of us unique. In this uniqueness, we find the most value. Come join us!