Security Engineer
OP Recruiting · New York, NY · 2 wk ago
Information TechnologyFull-time
Responsibilities
- Application Security & Reviews: Conduct deep-dive security assessments across the product suite, including white-box code reviews, functional testing, fuzzing, and comprehensive threat modeling.
- Identity & Access Management: Oversee the full lifecycle of identity operations, including provisioning, monitoring for anomalous changes, and managing access for critical systems.
- Security Research & Automation: Design and build custom tooling for AI security and adversarial testing, focusing on reusable patterns for agent controls.
- Vulnerability Management: Lead the day-to-day operations of the bug bounty program, managing triage, remediation workflows, and high-priority escalations.
- Supply Chain & Compliance: Implement advanced monitoring for software supply chain risks beyond standard scans and coordinate external penetration testing engagements.
- Strategic Defense: Manage software security documentation and evidence gathering to support evolving compliance and organizational requirements.
Requirements (Must-have)
- Engineering Foundation: Strong background in software engineering with a transition into product or application security (5+ years of total professional experience).
- Programming Proficiency: Expertise in at least one systems-level or backend language—such as Rust, Go, or C++—with the ability to read production code and build security tooling from scratch.
- Domain Expertise: Fluency in the full security lifecycle, including secure design reviews and vulnerability testing, specifically within Web3, DeFi, or cryptocurrency environments.
- Analytical Mindset: Demonstrated experience in building security automation and conducting rigorous reviews on live production systems.
- Communication: Exceptional written communication skills for technical documentation and cross-team collaboration.
Preferred Qualifications (Nice-to-have)
- System Hardening: Proficiency in Linux administration, kernel-level security primitives, and hardening environments.
- Key Management: Experience with multisig schemes, signing policy design, and hardware security modules (HSMs).
- Advanced Architecture: Familiarity with Trusted Execution Environments (TEEs), confidential computing, or secure enclave design.
- Infrastructure Management: Hands-on experience with Enterprise IAM/SSO systems and Mobile Device Management (MDM) platforms.
Compensation & Benefits
Highly competitive total compensation package including salary and multiple forms of equity.
Fully covered (100%) health benefits for employees.
Budget for professional development, including global team retreats and industry conferences.
Weekly allowances for meals and remote work support.