Determine the root cause and severity of vulnerabilities reported to us through our bug bounty platform.
Interface with ethical hackers, triage reports, and guide product engineering teams to resolution.
Document identified vulnerabilities in a way that allows for our engineering team to take quick action.
Write code to support the development of security engineering projects, or fix vulnerabilities in MetaMask client applications. This includes the development of AI tooling for vulnerability determination and resolution in order to keep pace with the changing AI-powered vulnerability detection landscape.
Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs.
Support product teams as they develop new features by conducting design reviews, threat modeling, security testing, and code reviews.
Identify gaps in MetaMask’s secure software development life cycle (SSDLC), and take initiative leading efforts to address them.
Participate and contribute to team meetings, roadmap planning, and discussions.
Validate that security patches address reported vulnerabilities and test for any potential bypasses
Proactively prevent future occurrences of a vulnerability through developing automation, security controls, and educating developers.
Pave your own path in how you want to make MetaMask more secure.

Requirements

6+ years of experience building and securing software, with at least 4 years in a product security, or application security position.
Experience securing server-side applications and environments.
Experience performing security design reviews, threat modeling, or security testing.
Enthusiasm for writing code, and helping others do the same.
Experience securing web applications & APIs
Solid written and verbal communication skills.
Proactiveness and be self-driven to be successful working in a remote environment.
Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.
A belief in our mission and values.

Benefits

Health insurance
401(k) matching
Flexible work hours
Paid time off
Remote work options

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

vulnerability assessmentsecurity design reviewsthreat modelingsecurity testingcode reviewsAI tooling developmentsecure software development life cycleweb application securityAPI securityserver-side application security

Soft Skills

written communicationverbal communicationproactivenessself-driventeam collaborationinitiativeproblem-solvingeducational skills