Product Security Manager, Blockchain Security Architecture at Coinbase
Coinbase has built the world's leading compliant cryptocurrency platform serving over 30 million accounts in more than 100 countries. With multiple successful products, and our vocal advocacy for blockchain technology, we have played a major part in mainstream awareness and adoption of cryptocurrency. We are proud to offer an entire suite of products that are helping build the cryptoeconomy and increase economic freedom around the world.
There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for signals that a candidate will thrive in a culture like ours, where we default to trust, embrace feedback, disrupt ourselves, and expect sustained high performance because we play as a championship team. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people with the desire and capacity to build and share expertise in the frontier technologies of crypto and blockchain, in whatever way is most relevant to their role.
Coinbase stores more digital currency than any company in the world, making us a tier 1 target on the internet. There are numerous ways an attacker might try to attack Coinbase, such as cloud infrastructure, banking integrations, or customer accounts. As a Blockchain Security Engineer, you will join a premier team that focuses on one area in particular: securing cryptocurrency.
More formally stated, our Blockchain Security’s mission is to “secure funds and data from protocol through wallet.” What does this mean?
- Protocol refers to distributed ledgers, most often blockchains or similar data structures, achieving consensus despite adversarial behavior. This means that the Blockchain Security team is on the front line of knowledge and expertise about how these technologies work, and how they break: we are “as far down the crypto stack” as you can get.
- Wallet refers to Coinbase systems that track and manage interactions with the blockchain network. These systems are critical to Coinbase’s mission, and it’s our job to bring blockchain expertise into the picture.
- “Through” refers to everything in between, including smart contracts/dApps, data processing services, signing services, node software, SDKs, and more.
Our strategy to achieve this mission has the following 3 pillars.
- Understand the Asset: Provide expertise in how cryptocurrencies work, and how they break
- Secure the Integration: Provide expertise in designing and securing systems that integrate with cryptocurrencies
- Communicate and Educate: Share our expertise in order to educate and secure both internal teams and external community
These pillars are interlocking and mutually reinforcing, meaning it is hard to achieve our mission without doing all three of these things. Impactful projects within blockchain security usually add value in all three pillars.Product Security Manager, Blockchain Security Architecture
What you’ll be doing:
- Program Development. We’re looking to you to expand and formalize our Blockchain Secure Architecture and Engineering Program. As Coinbase has grown, our Product Security function has developed organically.. This program will serve to uncover issues we missed earlier in the Security lifecycle and seek to keep driving up our Security bar across our backend Cryptocurrency architecture.
- Team Management. Any team is only as strong as the individuals it’s composed of. Your primary concern will be the growth, development and health of the team. You’ll nurture the team, mentor them and unblock them. You’ll help your teammates find work they enjoy, and find ways to get through the work they don’t. We’ll ask you to hire more individuals to your team, so you’ll need to identify what skills and personalities you need to get the job done.
- Operations. Finally, we’re looking for someone who will be accountable to the operations of the team. You’ll work with your leadership to develop goals and metrics, and then we expect you to hold yourself accountable to them. Your quality bar defines the quality of the team, and we’re expecting yours to be high. From timelines to reviews, you’ll work to make sure the Security Assessments team runs smoothly. We’ll also ask you to coordinate external penetration testing engagements as we need them.
What we look for in you:
- We’re looking for progressive experience in successful application security teams, with additional credit given to those who have built and run those teams for a reasonable timeframe (4+ years of manager experience). We want you to bring your learnings and your failures to our program.
- We’re expecting you to have either an application security or engineering background (2-3 years of application security or security engineering experience). You’ll be providing support and mentorship for application security engineers, so you’ll need to have enough experience in the field to guide them as they grow. From time to time, you may take on a review project for yourself to keep your skills relevant.
- As the manager of this team, you’ll spend a significant amount of time communicating to your team, to your peers, and across the company. We look for individuals who are clear, direct, and kind in their communications. We’re expecting you to have built this skill in your career, and we’ll be testing for it in each step of the interview process.
Nice to haves:
- If you worked in a high security and/or highly regulated industry, we would love to have you extract the essentials of what you’ve learned and apply them to the unique challenges Coinbase faces in Digital Assets.
- If you have extensive experience securing large Rails, NodeJS, and Golang codebases, we can immediately start applying what you’ve learned to the code we are asked to secure. Even better if you’ve spent time training others on how to secure those codebases.
- If you’re fluent in Digital Assets, you’ll have less to learn about the fundamentals of our business, but we do not immediately decline candidates who are not totally fluent.
Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law. For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links. Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.
Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to [email protected] coinbase.com and let us know the nature of your request and your contact information. For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here). Please contact [email protected] coinbase.com for additional information or to request accommodations.Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here: Ireland/EU, United Kingdom, and California. By submitting your application, you are agreeing to our use and processing of your data as required.