We are seeking a Sr. Application Security or DevSecOps Engineer with broad set of experiences to have an early and formative impact in many areas of the ZetaChain security program. The ideal candidate will be responsible for ensuring the security of our applications throughout the software development lifecycle (SDLC) and will have ownership over several critical areas.
About ZetaChain
ZetaChain aims to be the only blockchain you’ll ever need. It is a layer 1 blockchain and developer platform that connects any L1 and L2, from Ethereum to Bitcoin and beyond. Access all of crypto in one place, as a developer or user.
ZetaChain prides itself on its vibrant and active community, a testament to our growing impact and relevance in the blockchain space:
- Thriving Ecosystem: 1000 dApps developed between testnet and mainnet, showcasing diverse innovation and utilization.
- Engagement: With over a million community members, ZetaChain fosters a dynamic environment for engagement, and collaboration.
- Live on Mainnet: partnered with all major exchanges.
- Activity: Our network has over 2M unique addresses.
- Well Funded: Raised over $27M!
Find out more about our ecosystem: https://www.zetachain.com/ecosystem
Find out more about our hiring culture: Dream Team Culture
Why You Want To Work Here
- Impactful Role: Play a pivotal role in shaping the security and efficiency of a leading blockchain protocol.
- Work Across All Crypto Risks: We’re a L1 blockchain network with a mix of web application, infrastructure security and custody concerns so working here means you’ll gain experience in every aspect of crypto.
- Remote Flexibility: Enjoy the freedom and flexibility of a remote work environment, ensuring a work-life balance. With quarterly team meet ups.
- Cutting-Edge Technology: Dive deep into the latest advancements in blockchain technology with ZetaChain's innovative protocol.
- Continuous Learning: Stay updated with the rapidly evolving blockchain landscape, ensuring you're always at the forefront of the industry.
How You Can Help Our Security Program
We are looking for a candidate who can seamlessly transition between strategic planning and tactical execution. The ideal candidate should be capable of:
- Building an Application Security Program: Develop and implement a comprehensive AppSec program that aligns with our organization's goals and risk tolerance.
- Rolling Up Their Sleeves: Be ready to dive into the technical details and get hands-on with the work. This may include writing code, scripts, and tools to automate security processes, conduct security assessments, and implement security controls.
- This Position Will Have Ownership Over:Application Security Testing & DevSecOps Automation
- Secure Software Development Lifecycle
- Secure Design and Architectural Reviews
- Our Bug Bounty Program
- External Audits & Pen Tests
- Security Monitoring of Apps & Dapps
- This Position Will Assist With:Product Security
- Incident Response
- Vulnerability Management
- We are a small and flexible team and will fully support your growth in any area even it it falls outside the scope described above.
Requirements
Our ideal candidate description is a wish list, not a checklist. We don't expect every applicant to tick every box. If you have a strong alignment with many of the qualifications and a passion for learning, we'd love to hear from you.
- Location:
- Remote (Near San Francisco or New York City Preferred)
- We are only hiring in North America, Europe, or the UK
- Languages We Use: Go, TypeScript/JavaScript, Solidity
- Tech stack: Linux, MacOS, Docker, Kubernetes
- Platforms: GCP, AWS, GitHub,
- Experience:
- 3+ Years of Application Security or Secure Coding Experience
- 1+ Years of Smart Contract & BlockChain Experience
- 1+ Years of DevSecOps Experience
- Must play well with others, security is a team sport and at ZetaChain everyone participates!
- Security Mindset: constantly anticipating and strategizing against potential threats and vulnerabilities in any system or process.
- Bonus points:
- Experience operating blockchain nodes and/or working with Web3 technologies
- Experience writing or auditing smart contracts
- Experience working at a small startup
- Understanding of:
- Blockchain Technologies: Cosmos, Ethereum, Bitcoin
- Smart contracts: Solidity, Rust, etc
- p2p networking
- Familiar with DevOps/DevSecOps methodologies & best practices
A Variety Of Experiences Are Welcome Here
- We’re looking for a candidate who is a security specialist at heart with a diverse set of experiences. Someone who enjoys the fast paced environment of a startup and isn’t afraid to get hands on writing code, scripts, and tools as needed. We recognize the right candidate may come from a non traditional background.
- A few examples:
- Web Application Security Background:
- Expertise in securing web applications, with a deep understanding of OWASP Top 10 and experience in implementing robust security measures.
- Those who have worked on projects where blockchain and web applications intersect, understanding the security implications of integrating blockchain into web environments.
- Developer with a Security Focus:
- Developers who have transitioned into application security roles, bringing a unique perspective and understanding of the development process.
- Developers who have experience implementing secure coding practices and conducting code reviews with a security mindset.
- Cryptography and Blockchain Enthusiasts:
- Individuals who have worked on securing blockchain-based applications and have a deep understanding of the unique security challenges in this domain.
- Candidates with a strong interest in and understanding in blockchain fundamentals and the security concerns associated with them.
- Those who are passionate about staying up-to-date with the latest developments in blockchain security and are eager to apply their knowledge to protect our applications.
- Red Teamer, Pen Tester, or Web3 Security ResearcherExperienced penetration testers or hacker who are confident in their development abilities and are looking to transition to the defense side of application security.
- Hackers who have a deep understanding of attack techniques and can leverage this knowledge to build robust defenses and mitigations.
- Those who are eager to apply their offensive security skills to proactively identify and address vulnerabilities in our applications and systems.
- Individuals who are excited about the opportunity to work on both offensive and defensive aspects of security, ensuring a well-rounded approach to protecting our blockchain platform.