
Application Security Engineer
Paxos
full-time
Location Type: Remote
Location: United States
Salary
💰 $169,000 - $194,025 per year
About the role
- Perform deep-dive security reviews of web applications, APIs, and cloud infrastructure.
- Develop security-focused tools and libraries in Go, Java, or Ruby to assist developers in writing secure code.
- Support our blockchain initiatives by identifying risks in L1/L2 integrations and smart contract interactions.
- Manage and tune Web Application Firewalls (WAF) and cloud-native security controls.
- Contribute to the security culture through developer training and participating in incident response when necessary.
- Build and maintain the tooling that integrates security into our development lifecycle, moving from manual reviews to automated, scalable guardrails.
- Partner with engineering teams during the design phase of new features (Threat Modeling) to identify risks before a single line of code is written.
- Manage the end-to-end lifecycle of vulnerabilities, from discovery via internal audits or Bug Bounties to collaborating with engineers on "gold-standard" remediations.
Requirements
- Proven ability to perform deep-dive manual security testing while also securing production-quality code.
- Expert-level knowledge of OWASP Top 10, CWE, and API security vulnerabilities (Go, Java, or Ruby preferred).
- Experience building and scaling security checks directly into CI/CD pipelines (GitHub Actions, GitLab CI, Jenkins).
- Working knowledge of AWS/GCP security configurations, particularly IAM, VPCs, and WAF management.
Benefits
- Equity and bonuses based on individual and company performance
Applicant Tracking System Keywords
Hard Skills & Tools
Go, Java, Ruby, security testing, API security, CI/CD pipelines, AWS, GCP, Web Application Firewalls, vulnerability management
Soft Skills
developer training, incident response, collaboration, risk identification, security culture