Coinbase stores more digital currency than any company in the world, making us a tier 1 target on the internet. Given breaches are the number one cause of death amongst digital currency companies, security is core to our mission and has been a key competitive differentiator for us as we scale. If you’re a security professional looking to fight on the front lines in a high-stakes, high-intensity environment, we’d like to speak with you about joining our security team.

We’re a small team working with a large engineering group. We work on deployment and security tooling, developer education, security-critical design and code review and good ol-fashioned pentesting. Our goal is to help our engineers ship safe, resilient code as part of a multi-layered and diverse ecosystem of containerized microservices.

Responsibilities

• Build/deploy/maintain security controls and instrumentation around and in our code

• Consult with engineering teams on security-critical product features

• Help facilitate our bug bounty program

• Educate developers

Requirements

• Significant experience in at least one of Ruby, Go, Node or Java

• Strong understanding of AWS services and architectures

• Understanding of common vulnerabilities in web and mobile applications

• Great ability to communicate with developers

• Interest in both breaking and building

Preferred

• Experienced with Docker security

• Experience with popular threat modeling systems

• Experience with static analysis

• Experience fuzzing applications and protocols

What to send

• A resume or LinkedIn profile

• A link to your GitHub/Stack Overflow/HackerOne profile or something awesome that you've built

• A brief answer to the following question: If you were to break into Coinbase, how would you do it?

In case you are wondering what technologies we use at Coinbase, we’re built using a combination of Ruby, Node.js, PostgreSQL, MongoDB, Redis, Swift (for iOS), and Java (for Android). Prior experience with these exact languages/technologies is not required.

Coinbase is committed to diversity in its workforce and is proud to be an equal opportunity employer. Coinbase does not make hiring or employment decisions on the basis of race, color, religion, creed, gender, national origin, age, disability, veteran status, marital status, pregnancy, sex, gender expression or identity, sexual orientation, citizenship, or any other basis protected by applicable local, state or federal law. Coinbase will also consider for employment qualified applicants with arrest and conviction records in a manner consistent with San Francisco’s Fair Chance Ordinance and similar local laws.