Security researcherSwarm is a system of peer-to-peer networked nodes for a decentralised storage and communication service.Swarm could shape the future towards a self-sovereign global society and permissionless open markets. On Swarm, applications run autonomously yet securely in a planetary-scale deployment and execution environment.The Swarm Research Team is tasked with rigorously spelling out and analysing Swarm’s underlying theory as well as the current implementation. We create theories, write code, run experiments and make concrete suggestions to Swarm’s engineering teams for further improvements. Our work is consumed by various Swarm teams, as well as the wider (research) community.Your roleYour job is to keep the Swarm network safe and reliable for our users through discovering attacks and vulnerabilities before other people find out. As such,<ul><li>You are responsible to continuously examine the source code of the <a href="https://github.com/ethersphere/bee" target="_blank">bee client</a> and it’s dependencies on potential security holes. The means of examination can be, but are not limited to:Source-code audit</li><li>Penetration testing</li><li>Analysis of vulnerabilities and their solutions of comparable projects</li><li>Creation of malfunctioning/adversarial nodes</li><li>You work together with the main Swarm architects to recommend solutions to the team</li><li>You collaborate with well-renowed external auditing firms and are their first point of contact</li><li>You work together with the Swarm devops team in setting up monitoring for the Swarm network which would detect suspicious activity</li></ul>Your profile<ul><li>You like to work remotely</li><li>You have attention to detail</li><li>You are not shy to break things</li><li>You have an understanding of decentralized protocols and their vulnerabilities for attacks</li><li>You can express yourself fluently in English, at least in writing</li></ul>We appreciate<ul><li>At least knowledge of one programming language in which you are able to conduct attacks on the Swarm network. Golang is preferred</li></ul>Swarm offers/Team perks:<ul><li>An open, flat and transparent work environment</li><li>100% remote friendly</li><li>Flexible working hours</li><li>We care about our swarm: Incentives through BZZ, Swarm’s token</li></ul>Should you be interested in the position, please send your CV to talent@ethswarm.org.

Security researcher

Polychain Capital is a leading, multi-billion dollar AUM Cryptocurrency Investment and Venture Capital company. Polychain consists of a number of funds: long only, VC, multistrategy and ecosystem-specific funds. We are looking for a Senior Security Engineer to join to work across the organization in what will be a pivotal role in ensuring the future success of the Fund. Anything else you’d add in here as a ‘sell’?
<h3>Responsibilities</h3>
<ul>
 <li>Architect, develop &amp; maintain readily-accessible cryptocurrency storage solutions</li>
 <li>Build paranoid software development &amp; deployment processes</li>
 <li>Securely integrate with many DeFi protocols</li>
 <li>Consume a robust data pipeline to intelligently determine risk &amp; opportunity in the cryptocurrency landscape</li>
</ul>
<h3>Requirements</h3>
<ul>
 <li>Experience with Ethereum &amp; DeFi protocols built on top of Ethereum. Bonus points for experience tracking other prominent L1 blockchains like Polkadot, Solana, Avalanche, NEAR</li>
 <li>Deep understanding of building microservice-oriented real-time systems on GCP</li>
 <li>Experience with a breadth of programming languages like Python, TypeScript, Bash, Go, and Rust</li>
 <li>Experience building secure software systems to hold cryptocurrency strongly preferred but not absolutely essential for strong technical candidates with relevant transferable experience.</li>
 <li>Deep understanding of data structures, networks, and databases</li>
 <li>Experience working with Linux</li>
 <li>Experience utilizing industry-standard symmetric &amp; asymmetric encryption</li>
 <li>4+ years of professional software development experience</li>
 <li>Time zone flexible but needs to be US resident</li>
</ul>
Polychain is an equal opportunity workplace and is an affirmative action employer.&nbsp;Polychain does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law.&nbsp;We also consider qualified applicants with criminal histories, consistent with applicable federal, state and local law.

Senior Crypto Security Engineer

GSR is a leading market-making and programmatic trading company in the exciting and fast-evolving world of cryptocurrency trading. We provide sophisticated execution and liquidity services to token projects, institutional and HNW investors, and crypto exchanges.
We are looking for an experienced CISO to join our global Information Technology team as the main driver for defining and maintaining the enterprise vision, strategy, and program to ensure assets and technologies are safe and protected.
Your contribution will be fundamental to shape the firm's IT security ecosystem.
<h3>Responsibilities:</h3>
<ul>
 <li>Drive business and security strategy alignment to manage risk through valued investments</li>
 <li>Integrate with the business to educate, advise and influence activities with security implications</li>
 <li>Protect assets by understanding the threat landscape and effectiveness of the security program</li>
 <li>Assess and implement security technologies and standards to leverage enterprise capabilities</li>
</ul>
<h3>Some deliverables are:</h3>
<ul>
 <li>Security team and Security Operations Center (SOC) for 24x7 monitoring and incident response</li>
 <li>Security architecture providing protocols and standards for guidance</li>
 <li>Compliance management to ensure the fulfilment of regulatory requirements and internal policies</li>
 <li>Application security and DevSecOps to integrate security assurances into the development process</li>
 <li>Data protection and privacy for sensitive enterprise data in any format or location</li>
 <li>People and logistics security to protect from inadvertent human mistakes and malicious actions</li>
</ul>
<h3>Your Profile:</h3>
<ul>
 <li>10+ years of experience in IT security at global scale</li>
 <li>Good understanding of Linux, modern programming languages, cloud platforms, and the internet</li>
 <li>Working experience with IDS (e.g OSSEC, Snort, Prelude) and firewalls (e.g Palo Alto, Cisco, Juniper)</li>
 <li>Awareness of cutting edge security technologies, patterns and best practices</li>
 <li>Good leadership and analytical skills, proactive and autonomous, to plan ahead and adapt on the fly</li>
 <li>Pragmatic mindset, ability to handle difficult problems with partial data and under high pressure</li>
 <li>Advanced security accreditation as CISSP, CISA, OSCP, CASP, CCS</li>
</ul>
<h3>Experience working with the following frameworks or similar:</h3>
<ul>
 <li>Security maturity levels, to transition the company from informed to the adaptive level</li>
 <li>Multiple lines of defense, covering operational management, risk and compliance, internal audits</li>
 <li>Zero trust security framework, to eliminate the concept of trust and always verify</li>
</ul>
Founded in 2013, we specialize in providing liquidity, risk management and structured products to institutional participants in the digital asset ecosystem. Our team of veteran finance and technology executives from Goldman Sachs, Two Sigma, Citadel, Blackstone and Tower Research among others, has developed one of the world’s fastest and most robust trading platforms.
GSR works with token issuers, traders, investors, miners, and more than 50 cryptocurrency exchanges around the world. As a founding member of The Association for Digital Asset Markets (ADAM), GSR is also a leader in establishing and maintaining industry standards and protocols to support the healthy development and evolution of the global digital assets serving key exchanges and clients globally. GSR is an international company with operations in the USA, Europe and Asia.
GSR is proudly an Equal Employment Opportunity employer. We do not discriminate based upon any applicable legally protected characteristics such as race, religion, colour, country of origin,&nbsp;sexual orientation,&nbsp;gender, gender identity, gender expression or age. We operate a meritocracy, all aspects of people engagement from the decision to hire or promote as well as our performance management process will be based on the business needs and individual merit, competence in the role.

Chief Information Security Officer - Cryptocurrency

At Coinme, we're large enough to make a difference but small enough for your voice to be heard. This means that we are an organization where every person matters. You are part of the success of our business and that of our customers regardless of where you sit in our organization. A human touch in a digital world.Digital currency can transform the way we conduct business and brings new benefits to both the corporate world and to consumers globally. Coinme is on a mission to help people everywhere understand and use the power of digital currencies as a delightful medium-of-exchange, and be accessible anywhere in the world, so everyone has a fair chance for financial prosperity.From analyst to engineers, from marketing to client services experts, we're hiring to support your growth and ours – Together We Rise.Senior Security EngineerMaintaining a high security bar has earned us the trust of millions of customers. The Security team works across the organization, architecting, advising, and building solutions that make the Coinme engineering platform secure. This role will touch all facets of the engineering pipeline, from development and deployment, to core infrastructure and configuration.Successful candidates will come from a technical background with hands-on experience in working with cloud services, have a solid understanding of security controls in the digital currency space, know how to design enterprise systems for security, possess strong threat modeling experience, have experience building and documenting reliable and scalable distributed systems, and collaborate with others to drive initiatives forward. We are looking for someone who can balance technical risks against business risks and consistently drive for the right results.What You'll Be Working On: <ul><li>Collaborate with Engineering teams to incorporate strong security controls, apply security best practices in our development life cycle, and mitigate risks and security vulnerabilities</li><li>Design and coordinate cohesive responses to security events&nbsp;</li><li>Manage security services and tools , such as our SIEM, vulnerability management solution and end-point policy enforcement.</li><li>Promote a security architecture that supports Coinme’s goals and deliverables, through collaboration, design, requirements, and code.</li><li>Create and execute security test plans and test cases that cover security feature testing, fuzzing, application penetration testing, and regression etc.</li><li>Identify potential vulnerabilities (OWASP top 10 - XSS, CSRF, SQLi, critical/high and common issues in NVD, etc.) for improvement in security design</li><li>Triage and validate security vulnerabilities found or reported, and serve as SME, helping to identify mitigation solutions</li><li>Communicate issues to the application owners, provide meaningful remediation recommendations, and validate that they have been resolved</li><li>Advocate security culture and mentor team members on best practices to develop the next generation of technical security leaders</li></ul>What We're Looking For: <ul><li>Bachelors degree in Computer Science, Software Engineering, or equivalent experience</li><li>5+ years of demonstrated experience with a focus in areas such as systems, network, and/or application security.</li><li>2+ years on a Security Operations team, with experience coordinating responses to security incidents.</li><li>2+ years of hands-on experience supporting a large, complex cloud-based environment</li><li>Experience working with Security Compliance Frameworks (ISO 27001, NIST, PCI-DSS, HIPAA, Sarbanes-Oxley, SSAE16, SOC2)</li><li>Experience implementing/utilizing Federal, Industry and Open Source Security Guidance and Secure Coding Practices (OWASP, Critical Security Controls, Cloud Security Alliance, CERT, SANS, SafeCode, and CWE Top 25)</li></ul>Not Required, But Nice to Have: <ul><li>Experience working in a highly regulated industry with crypto currencies and the blockchain is a plus</li><li>Experience securing Kubernetes and distributed systems a plus</li></ul>Why You’ll Want to Work Here: <ul><li>100% Coinme-paid health insurance options for employees and dependents</li><li>100% covered Employee Assistance Program</li><li>Paid Parental Leave</li><li>Generous time off</li><li>401k with up to 4% vested match</li><li>Professional development reimbursement</li><li>Stock Options</li><li>Paid Volunteer Hours</li><li>Diverse offering of supplemental insurances</li><li>100% Remote Optional</li></ul>If this sounds exciting, we'd love to hear from you! Not sure if you're a perfect fit? Reach out anyway. We're looking for awesome individuals, not people who perfectly match a job posting.&nbsp;Coinme employees are the brightest and most talented in our field and are our greatest asset. We strive to create a diverse and inclusive culture where the thoughts and ideas of all Coinme employees are valued, appreciated, and respected. Coinme recognizes that embracing a diverse workforce brings different backgrounds, skills, and perspectives that help our company thrive and grow.&nbsp;&nbsp;Coinme is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or protected veteran status.

Senior Security Engineer

About HalbornAlready in 2021, the global cryptocurrency and DeFi industry has lost over $500M from hacks. The organization's Halborn advises have suffered 0 financially impacting incidents. Founded in 2019, Halborn was born to solve the slew of adversarial problems unique to the cryptocurrency industry including but not limited to breaches, social engineering, stolen private keys, and economic hacks. Halborn’s clientele are the very best of the best blockchain companies as well as new startups with high growth potential. Company CultureCulture is a top priority in our 100% remote organization. Halborn is a globally distributed team of 25+, looking to grow our elite team of white hat hackers, security engineers and DevSecOps specialists who value independence, learning, big challenges and the ability to make big impacts in cutting edge technologies. The right candidate will be offered a full-time salary and equity. Perks include unlimited vacation days, company laptop, and opportunities for travel. Health Insurance is dependent on the applicant’s country of residence but readily available. About the RoleWe are seeking a DevSecOps/ NodeOps Engineer superstar with a passion to build their knowledge in the blockchain ecosystem. They’ll be working with our Engineering team and current DevOps Lead. Responsibilities: <ul><li>Act as a liaison between Halborn account leads and Client development and executive teams.</li><li>Perform analysis of application architectures and security patterns.</li><li>Develop threat models in conjunction with architects and software engineering staff.</li><li>Implement security tooling and support common integrated development environments.</li><li>Participate and/or lead application vulnerability reviews and remediations.</li><li>Document and communicate application risks and vulnerabilities to technical stakeholders.</li><li>Develop and deliver Secure Developer Training and assists Dev teams with the various platforms we support, the candidate will also support tool operations for our platforms.</li><li>Supports CI/CD and build pipelines with an understanding of quality and security gates and enables integration of automated solutions to increase security.</li><li>Performs architectural reviews that are meant to identify and remedy architectural security flaws both as part of EARC sessions and in consulting engagements with dev teams</li><li>Identifies application security weaknesses and provides recommendations to correct them.</li><li>Provide risk assessments and data driven recommendations to management to increase or improve our security footprint.</li><li>Work with broader ISO team on incident response and operational/strategic initiatives.</li><li>Responsible for the use and operational maintenance of security-related systems and tools, actively works on tuning, enhancements, upgrades, and tool integrations.</li><li>Evaluates and promotes new and existing security standards, tools, and solutions with a focus on automation and securing build pipelines for a shift left approach.</li></ul> Requirements: <ul><li>Bachelor's Degree in a related field plus additional related college courses or professional training and four to seven years of progressively responsible, directly related, experience required.</li><li>One or more security certifications or a CISSP certification would be ideal</li><li>Knowledge of secure development principles and of DevSecOps</li><li>Must have a thorough understanding of web protocols TCP/IP, UDP, HTTP, HTTPS, SSL, TLS, etc.</li><li>Experience with at least one programming languages (Go, Python, PHP, etc.).</li><li>Experience with Git</li><li>Experience with monitoring tools</li><li>Knowledge of common vulnerabilities such as cross-site scripting (XSS), session hijacking, SQL injection, CSRF (Cross-Site Request Forgery), OWASP Top 10, and other attack vectors.</li><li>Experience with micro service architecture</li><li>Production experience with k8s and service mesh, logging, monitoring, etc</li><li>Experience with Terraform/Ansible to manage Infrastructure/Configuration as code</li><li>Experience with AWS and familiar with AWS services, components and common architecture patterns. Nice to have experience with Auzre, GCP, etc.</li><li>Experience with CI/CD model and know how to secure the CI/CD</li><li>Traffic and log analysis from a security perspective</li><li>Familiar with OWASP/ SANS application vulnerabilities</li><li>Experience with Secure Code Reviews</li></ul> Nice to have / Not Mandatory: <ul><li>Experience working within the blockchain / cryptocurrency ecosystem</li><li>Experience setting up node / validator infrastructure</li><li>Experience professionally or casually learning about, working in, contributing to cryptocurrency / blockchain / bitcoin / ethereum related projects.</li><li>Experience in Node / Validator / Mining infrastructure</li><li>Experience in any sector of cybersecurity / information security / infosec</li><li>An MBA</li><li>CISSP, CompTIA A+, Network+, Security+, or any relevant cybersecurity related certifications</li></ul> All candidates who make it past 2nd round will be required to: <ul><li>Pass background and criminal record check</li><li>Provide x3 relevant references</li></ul>

DevSecOps / NodeOps Engineer

Who we are: PowerTrade is a fast growing crypto trading platform for trading crypto options and other crypto derivatives. Our Android and iOS Apps are live in the respective App Stores, and offer a mobile- first trading experience that’s designed to be simple, fast and focused on trader success. Our community is what keeps us focussed and dedicated to delivering our best. PowerTrade not only offers a mobile-first crypto options platform, but has also designed the PTF DAO token which governs a treasury covering traders in black-swan events. We want traders to be successful and do everything we can to educate and inform the trading community of opportunities in crypto.<h3>Job Duties:</h3><ul><li>Develop, implement and monitor a strategic, comprehensive enterprise information security and IT risk management program</li><li>Work directly with the business units to facilitate risk assessment and risk management processes</li><li>Develop and enhance an information security management system (ISMS) and framework.</li><li>Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services</li><li>Provide leadership to the enterprise's information security organization</li><li>Partner with business stakeholders across the company to raise awareness of risk management concerns</li><li>Assist with the overall business technology planning, providing a current knowledge and future vision of technology and systems</li><li>Assist the Development team to implement and follow Cyber Security standards and best practices.</li><li>Participate in cloud security projects, including&nbsp;Azure&nbsp;and&nbsp;AWS.</li><li>Manage day-to-day tasks for cloud security,&nbsp;DAST/SAST, and&nbsp;SIEM&nbsp;tools.</li><li>Lead the Incident Response effort, develop and enhance guidelines and procedures.</li><li>Operate within modern security solutions such as next-generation&nbsp;AV/EDR, and email security solutions.</li><li>Maintain an up-to-date understanding of the latest threats, vulnerabilities, mitigation, and industry best practices.</li><li>Participate in the security review of in-house developed web, mobile, and desktop applications.</li><li>Manage web, API, and infrastructure penetration tests including static code analysis and dynamic manual and automated testing.</li><li>Conduct network remote scans of internal and external asset infrastructure.</li></ul><h3>Our Ideal Candidate:</h3><ul><li>At least eight years of professional experience in one of the areas: Security Engineering, SIEM, or Incident Response.</li><li>Knowledge of common information security management frameworks, such as ISO/IEC 27001, and NIST.</li><li>Experience in the following areas: web/API/infrastructure penetration testing, network security, network scanning.</li><li>Experience with IT security tools such as&nbsp;Burp Suite Professional,&nbsp;Nessus/Tenable IO,&nbsp;nmap,&nbsp;SAST&nbsp;tools.</li><li>Experience with Atlassian Confluence, JIRA, OpsGenie, IT Service Management (ITSM), Git.</li><li>Experience with cloud systems and the integration of cloud security tools.</li><li>Specific experience in Agile (scaled) software development or other best-in-class development practices.</li><li>Any certifications:&nbsp;OSCP,&nbsp;OSCE,&nbsp;OSWP, eWAPTX,&nbsp;eMAPT,&nbsp;Azure, or&nbsp;AWS.</li><li>ISO/IEC 27001 Certification will be considered a huge plus.</li><li>Knowledge of computer networking protocols: TCP, TLS, HTTP, etc.</li><li>Knowledge of OWASP Top 10, OWASP ASVS.</li><li>Knowledge of blockchain.</li><li>Advanced problem-solving skills.</li><li>Excellent written and verbal communication skills and a high level of personal integrity</li></ul>Think you're a good fit for the role? If you share our values and our enthusiasm for crypto and trading and you’re up for the challenge of working remotely for a distributed team, we would love to hear from you and explore the value you can add to our team. Visit our website at&nbsp;<a href="https://power.trade/" target="_blank" style="color: rgb(115, 117, 120);">https://power.trade/</a>&nbsp;or find us on Twitter, Facebook, and LinkedIn.

Senior Cyber Security Manager / CISO

The Solace DAO is looking to add to its Engineering team, which is fast moving, collaborative, and free thinking. Solace is building a community around making the DeFi space safe, secure and trusted so that we can onboard and de-risk DeFi and other crypto applications, while opening the space to millions of users. We are a small team at the start of a long journey, so a qualified candidate must be proactive, ship quality code at high velocity, and take ownership of the project, including the architecture, long-term strategy, interacting with the community, as so on. <h1>Responsibilities</h1><ul><li>Lead decentralization and development of our automated claims assessment system (currently running on AWS)</li><li>All things SysDevSecOps: recognizing the security threats, and configuring the network infrastructure, so should have up-to-the-minute details of cybersecurity threats and the latest software</li><li>Know our entire tech stack by heart and keep it well maintained</li><li>Ensure best security practices and monitoring are in place</li><li>Improve and scale the existing architecture</li><li>Help guide our overall strategy through design, prototyping, and market research.</li><li>Be a steward and influencer of our early culture</li><li>Balance speed and quality, with a focus on tangible results.</li></ul><h1>Qualifications</h1><ul><li>Knowledge of distributed systems, L1's, blockchain networks, and DevOps tools</li><li>Knowledge of web3 application development stack</li><li>Fluency and working knowledge of the crypto/blockchain industry</li><li>Adversarial mindset, security awareness</li><li>Ability to write high-quality, well-tested code</li><li>Passion for DeFi, web3, and open transparent systems</li><li>Strong written and verbal communication skills in English</li></ul><h1>Benefits</h1><ul><li>Amazing team with a huge vision</li><li>Remote fast paced work environment</li><li>Token vesting package</li><li>Training, mentorship, and coaching from industry leaders and company leadership</li><li>The opportunity to grow alongside a DAO helping create the decentralized future</li><li>Compensation will be competitive and commensurate with experience</li></ul><h1>About Us</h1>Our team is distributed across the globe. We are committed to building a highly innovative, engaged, fun workplace and culture based on <a href="https://medium.com/solace-fi/solace-redefined-c21ea4a35a6c" target="_blank">our values</a>. <h1>How to Apply</h1>Does this role sound like a good fit? Fill out the <a href="https://forms.gle/3WZNgUpt8xhnYikx6" target="_blank">application form</a> and we will contact you.

Explore 7 Security Offers