Senior Engineer, Blockchain Security - Asset Review

Coinbase stores more digital currency than any company in the world, making us a tier 1 target on the internet. As an Asset Review Senior Analyst, you will join a premier team with one overarching goal: to contribute to the “Amazon of Assets” vision of coinbase. The Amazon of Assets vision is to ensure the security of all types of Web3.0 assets, protocols, and applications.

Aside from the addition of tokens, this team also is targeting security analysis of emerging L2 Networks, bridges, and DeFi protocols. Protocol refers to distributed ledgers, most often blockchains or similar data structures, achieving consensus despite adversarial behavior. This means that the Blockchain Security team is on the front line of knowledge and expertise about how these technologies work, and how they break: we are as “far down the crypto stack” as you can get.

L2 Networks refers to networks which are layed on top of existing Blockchains or Tokens. These networks are an emerging technology that introduce new complexities and risk for custodibility of digital assets. Additionally, as the Crypto world continues to become more interconnected, the bridging of tokens across networks become more common. This role will be on the forefront of defining Coinbase’s risk and security frameworks and helping to define tooling and automation for these emerging industry trends.  

What you’ll be doing (i.e. job duties):

• Perform security assessments, framework development, and threat modeling of assets, including various blockchain protocols, smart contracts, and other distributed ledger tech.
• Partner with software engineering teams to advise on code and architecture for internal smart contract development
• Partner with internal tooling teams to drive the roadmap and vision for internal Coinbase Blockchain Security Tools
• Identify automation opportunities in our tooling and processes, deliver a Proof of Concept, and write detail technical requirements
• Work with cross-functional teams to align on risk scorings and mitigations for asset reviews and help define priority for development work
• Oversee generating KPI metrics for asset review pipeline and team performance
• Investigate impactful changes to the space, asset upgrades, and novel innovations such as zero-knowledge proofs and bleeding-edge blockchain protocols.
• Publish blogs and give talks (internal and external) on newfound vulnerabilities, incident investigations, unique integration risks, and related topics.

What we look for in you (i.e. job requirements):

• Passion for learning about and working with digital currencies
• 4+ years of CyberSecurity experience, 2+ years of SmartContract/Crypto Experience
• Security mentor who can build processes and educate internal members
• Passionate about solving complex security problems
• Comfortable with ambiguity and failure, having ownership of one’s own domain, and pride in high quality work
• Broad knowledge of security technologies, processes and techniques
• Demonstration of our core values: clear communication, positive energy, continuous learning, and efficient execution

Nice to haves:

• Bachelor’s/Master’s Degree in Computer Science, CyberSecurity, or related field
• Expertise in Solidity (or other Smart Contract Language such as Rust)
• Previous experience in a Security or Tech Lead role in appsec, devsecops, or software development
• Past experience securing digital assets
• Experience working on a remote first team
• Knowledge of api security, cloud architecture and platform security principles 
• Previous work in a high security and/or highly regulated industry

Sound cool? Let's work together.

Notice for Colorado applicants as required by sb19-085 (8-5-20). Target annual salary for this role performed in Colorado, is $175,100 + target bonus + target equity + benefits (including medical, dental, vision and 401(k)). 

ID: G2253