Product Security Engineer
San Francisco, CA
Coinbase stores more digital currency than any other company in the world, making us a prime target for attackers. Whether scam groups looking to take advantage of our users or nation-states seeking to disrupt economies, the scope of our security challenge is daunting to organizations even 10x our size. Yet still, we thrive. From this challenge, Coinbase can offer an employment experience that is dramatically more impactful and eye-opening than any other.
Our charter summarizes our team: we work in tandem with Product and Engineering to design, build and operate secure systems in defense of Open Financial Systems. The services we offer and the software we write enable security by default. We favor approaches that eliminate classes of vulnerability, systematically reduce risk, and provably increase trust in our software.
Responsibilities
A Product Security Engineer is one part technical program manager, one part application security engineer, and two parts grit. You integrate with an entire business, helping drive security and risk evaluation from ideation to operations and sunset. The data you gather and feed back into the security organization will guide large-scale security investments across all of Coinbase. You'll be the main security educator for the product you support, helping the business deeply understand the risks associated with the work they're doing.
Especially as Coinbase grows into new markets and products, scaling engineering and operations resources, you will help guide your product to long-term success and security. Your primary goal is to be an enabler: work with your business to make risk-appropriate decisions, and seek solutions to the hard security problems presented. For us, saying 'no' is the last resort, and a failure in our engagement model.
Though you will control the interaction model with your product team, there is a set of security tasks we see as fundamental to the success of Coinbase. These are:
- Threat Modeling and Architectural Risk assessment at product and service scope
- Product-level risk cataloging and security debt management
- Product-specific security training & education, from developers to executives.
- Security-specific feature work for your product/business area
- Company-wide security enhancements: Eliminating classes of weaknesses across the entire organization
Nice To Have:
- An implementation level understanding of vulnerabilities, remediations, and security controls
- Experience in Red Teams, Penetration testing, or other breaking roles.
- Experience evaluating code for vulnerability.
- Strong understanding of AWS services and architectures
- Technical expertise in our software stack (Rails, Node, Swift/Kotlin for mobile, and Golang)
- Experience with common threat modeling and risk analysis frameworks
- Experience communicating and educating multidisciplinary teams about risk, security, and appropriate risk handling
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
- Prior experience as a Technical Program Manager, AppSec Manager
- Consulting experience
- Prior work experience in Agile environments