Key responsibilities include:

• Implementing secure coding practices and identifying vulnerabilities early through tools
• Reviewing for secure cloud infrastructure and ensuring compliance with security standards
• Integrating, monitoring, and improving DevSecOps tools and processes
• Performing continuous vulnerability assessments, risk mitigation, and risk management
• Designing and implementing Zero Trust security models, platform-based controls, and automated guardrails

Additionally, the DevSecOps engineer will support and consult with product and development teams to address application security risks throughout the lifecycle, provide security training and outreach to internal teams and customers, and monitor KPIs and customer experience to refine security processes and adherence.

This role requires strong development or scripting experience, specifically in Java, to automate routine tasks and improve system reliability. The ideal candidate will have a deep familiarity with common security flaws and the use of security libraries and static analysis tools (SAST).

Bachelor's degree in a relevant field or an equivalent combination of education, training, and experience is required. A minimum of 3 years of professional experience is also necessary. Certification in DevSecOps, Kubernetes, or HashiCorp is desirable but not essential.

XML job scraping automation by YubHub

Responsibilities:

Lead security audits of (a subset of) the Espresso codebase As a project leader, you will have mobility in how you choose to organize security and audit efforts Dive into the code of a fairly complex distributed system, learning and developing an understanding of the system on the fly (with help from the engineering team that built it, of course) Coordinate with several engineering teams to aid in your audit, raise concerns and communicate results, and guide the effort to harden the system based on your findings Coordinate with, manage, and review the work of external security auditing teams, in certain cases Suggest improvements to testing and engineering practices to promote more secure and maintainable code

Requirements:

Solid grasp of software engineering principles, both low-level (e.g. language-specific best practices) and high-level (e.g. reliable software architecture, particularly in distributed systems) If focused on Rust: ≥ 1 year experience writing Rust, particularly with async Rust. If focused on Solidity: Multiple years experience writing smart contracts; experience with smart contract security audits or formal verification of smart contracts Experience as an engineer or software architect in a security-critical industry Be capable of describing the stakes, the challenges you've faced in building secure software, and the steps/processes you've taken to mitigate risk Experience as an auditor, pentester, QA tester, etc. Have a well thought-out approach to testing software and designing it to be testable/auditable Ability to think adversarially, and identify potential reliability or security vulnerabilities even in software that is correct in common or “happy path” scenarios Experience on the design and/or testing of distributed systems Comfort diving into unknowns and asking questions

Preferred:

Knowledge of relevant testing and static analysis tools (e.g. Foundry, Slither) is a plus Blockchain knowledge/experience is preferred, but could also be include IoT, automotive, finance, etc. Ideally, the candidate should have a general philosophy of software design that has been molded by experience working on security-critical systems

Benefits:

Fully remote with flexible hours Work alongside the brightest minds in the crypto space Competitive salary + equity package Regular team off-sites to international locations Unlimited vacation policy Top-tier health, dental, and vision coverage for US employees

XML job scraping automation by YubHub