Engineering Manager, Blockchain Security - Asset Review at Coinbase
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Coinbase stores more digital currency than any company in the world, making us a tier 1 target on the internet. There are numerous ways an attacker might try to attack Coinbase, such as cloud infrastructure, banking integrations, or customer accounts. As a Blockchain Security Engineer, you will join a premier team that focuses on one area in particular: securing cryptocurrency.
More formally stated, our Blockchain Security’s mission is to “secure funds and data from protocol through wallet.” What does this mean?
- Protocol refers to distributed ledgers, most often blockchains or similar data structures, achieving consensus despite adversarial behavior. This means that the Blockchain Security team is on the front line of knowledge and expertise about how these technologies work, and how they break: we are “as far down the crypto stack” as you can get.
- Wallet refers to Coinbase systems that track and manage interactions with the blockchain network. These systems are critical to Coinbase’s mission, and it’s our job to bring blockchain expertise into the picture.
- “Through” refers to everything in between, including smart contracts/dApps, data processing services, signing services, node software, SDKs, and more.
Our strategy to achieve this mission has the following 3 pillars.
- Understand the Asset: Provide expertise in how cryptocurrencies work, and how they break
- Secure the Integration: Provide expertise in designing and securing systems that integrate with cryptocurrencies
- Communicate and Educate: Share our expertise in order to educate and secure both internal teams and external community
These pillars are interlocking and mutually reinforcing, meaning it is hard to achieve our mission without doing all three of these things. Impactful projects within blockchain security usually add value in all three pillars.Asset Review Manager, Blockchain Security
The manager of the Asset Review team within Blockchain Security will report to the Director of Blockchain Security. The Asset Review Team’s primary responsibility is determining the security risk and available mitigations for crypto assets that are under consideration for addition to the Coinbase platform. The Asset Review Team also periodically re-reviews assets that are already on platform for changes in risk and mitigation status, as well determining whether asset risk mitigations can be applied to reduce the risk posed by a particular asset.
The high level goal of a crypto asset review is to provide an overall measure of how risky a particular asset is, which requires identifying top risks and identifying any available mitigations that could reduce those risks. We ask ourselves: “What can go wrong on a crypto asset network, how will we know about it, and what can we do about it?”
This Asset Review Manager is expected to own that entire problem scope end to end. As such, it has a significant and considerable scope.
The problem space can be broken down into 2 primary components:
- Execution: Blockchain security analysts perform structured asset reviews using tooling and a framework that has been internally developed. The asset review manager is responsible for working with a TPM on the execution of this review workstream, which includes refining the review process, working with cross functional partners to coordinate review priority and delivery, forecasting capacity, and communicating/planning resource requirements. The number of analysts is planned to grow significantly, with the expectation of 2 - 3 teams, along with the option of burst capacity through outsourced contractor-provided reviews. The asset review manager is responsible for building a process that ensures that these reviews are completed on schedule and at a high quality bar, working with cross functional partners to ensure coordination on priorities and timelines. The asset review manager is expected to drive increased quality and efficiency over time. The asset review manager will have input on defining the right KPIs over time, but they are expected to include both throughput and quality components.
- Improvement: Software engineers build the tooling that analysts use to perform security reviews. The SWE team will take input from the analyst/execution workstream, as well as other areas of blocksec, in order to iterate on the review process and tooling. The asset review manager will need to design a process to capture feedback from analysts, as well as grow both high performing analysts and engineers into crypto asset experts that can provide this input on how best to refine Coinbase’s review process to become more efficient and provide higher signal over time, ensuring a high quality roadmap and backlog for the review tooling. This will require a strategic understanding of the business purpose of asset security reviews in order to evolve them to meet business needs. It will also require cross functional work to ensure blockchain security maintains a cutting edge knowledge of innovations within crypto assets that need to be incorporated into Coinbase’s review framework.
What we're looking for:
Given the two main components described above, strong candidates will have experience managing versatile teams that have had to adapt to the changing needs of a business experiencing rapid growth.
The execution component requires managing a highly focused analyst team that is accountable for delivering asset reviews on schedule at a consistent quality bar. This requires working with the Director of Blockchain Security to determine the correct set of KPIs and building processes that allows the team to be held accountable to those KPIs.
The improvement component requires managing an engineering team that is responsible for tooling to enable the analysts to execute at a high level. This will require building a product management capability into the team, as improving our process will require capturing, synthesizing, and applying crypto expertise from within both teams in order to improve our review process. A large component of this role is ensuring sufficient collaboration between analysts focused on execution and engineers focused on improvement to ensure our tooling is fit for purpose and constantly improving our ability to effectively determine the risk of arbitrary crypto assets.
While analysts and engineers are initially anticipated to report directly to this role in order to continue our pace of asset reviews, this role will immediately begin hiring managers that will directly manage the ICs on the execution and improvement teams. We therefore are looking for candidates that are sufficiently experienced to hire and manage analyst and engineering managers.Day 1
Coinbase is rapidly adding assets to our platform. This means that there is no shortage of work for the Asset Review Manager on Day 1.
The top priority on day 1 will be execution of our current review pipeline. Refine our process, reporting, KPIs, in order to build out a mature approach that will scale over time.
The next highest priority is hiring. The Asset Review Manager will be responsible for hiring an engineering manager to oversee our tooling improvement workstream, and also 2 - 3 managers that will oversee our execution workstream.
A medium term priority is to ensure we are focusing on improving our efficiency, effectiveness, and reducing pain points in our review process. This requires receiving feedback from both workstreams within Asset Review, as well as working with the wider blockchain security team in order to refine our understanding of Coinbase’s requirements for asset reviews.
Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] coinbase.com and let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here). Please contact [email protected] coinbase.com for additional information or to request accommodations.Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here: Ireland/EU, United Kingdom, and California. By submitting your application, you are agreeing to our use and processing of your data as required.