ShapeShift is the leading non-custodial digital asset platform, serving hundreds of thousands of customers across the world. Since 2014, ShapeShift has pioneered a new era of digital finance, earning a place as one of the most beloved and respected brands in a booming and volatile new industry. The company recently launched its new platform at ShapeShift.com and is now leveraging its resources toward aggressive growth.  

Led by industry veteran Erik Voorhees, the company is seeking out the best new team members to further scale the organization and maintain leadership while the phenomenon of decentralized digital finance expands around the globe. As part of this growing team, ShapeShift is looking to hire the role of Security Engineer.

POSITION OVERVIEW

ShapeShift is seeking a Security Engineer to help identify risks and mitigate them for this growing organization. The Security Engineer will be scanning, researching, hacking, and advising developers on security. The ideal candidate will possess a keen understanding of how tweaking one parameter can vastly change the security outcomes of an information system. This position offers a unique opportunity to think with a black hat but wear a white hat for an exciting cryptocurrency startup.

This is a full-time, exempt position, based in Denver, Colorado and reports to the CISO.

Your desire to make a real impact on an organization and the world grows by the day. The ideal candidate will be open to daily changes in workflow and protocol (and force us to improve workflows). As a start-up in an evolving space, there are new challenges that require new solutions every day.

GOALS OF POSITION

• Stay abreast with daily CVE announcements and 0-day vulnerabilities
• Work with Site Reliability Engineers and IT administrators to mitigate any vulnerabilities found with ShapeShift's production, development, or corporate systems.
• Provide security guidance and advice to software engineers on best practices for storing, securing, and accessing secrets in their application development.
• Participate in architecture design discussions for ShapeShift's upcoming feature enhancements and new products/services, ensuring best practices in security are followed in each phase of development, and ensuring security risks are understood and mitigated in the design choices.
• Execute and automate approved penetration tests, vulnerability scans, and related intelligence gathering about the existing security posture of development and production systems.
• Manage internal TLS Certificate Authority, issuing and revoking internal server and client certificates where necessary.
• Collect and organize security-related metrics for reporting to ShapeShift’s CISO.
• Maintain ShapeShift's existing Information Security Policy, ensuring it is up-to-date with ShapeShift's requirements. 
• Providing security training to all new staff, and security refreshers to existing staff.
• Oversee the provisioning of cryptographic keys and security hardware for new staff.

SUCCESS METRICS OF POSITION

• Concerns and risks are brought to the attention of the CISO in a timely manner
• Staff receive your assessments and recommendations on improving/maintaining security in a timely manner
• Staff are able to rely on you to educate them on security and answer their questions

WHAT YOU BRING TO THE TABLE

• "Jack of All Trades" mindset, knowledgeable in many areas
• "Geek to English translator" - ability to train/teach security concepts to non-security staff in easy-to-understand language
• Strong "Google-fu" - ability to quickly find and learn concepts that aren't already known
• Ability to be flexible while working in a dynamic startup environment
• Desire to make the world a better and safer place

REQUIRED EDUCATION & EXPERIENCE

• Experience working with GPG / PGP
• Experience with TLS, cryptographic certificates and PKI
• Experience performing vulnerability scanning (i.e. Metasploit, Nessus, or similar)
• Securing and administering services/daemons according to best practices
• Experience working with Linux and open source technologies

PREFERRED EDUCATION & EXPERIENCE

• Experience securing cloud-based service providers, such as DigitalOcean, Azure, and AWS
• Experience with deployment automation tools such as CircleCI, Terraform, etc.
• Experience with penetration testing
• Experience performing source code review
• Strong competency in at least one programming and/or scripting language
• Experience with charting, graphing, and presenting data visually
• Experience working with Cryptocurrencies and blockchains
• Familiarity with Agile Development Methodologies 
• Familiarity with hardware and firmware security 
• Security certifications such as: CISSP, CISA, OSCP, Pentest+, Security+ would be an asset

REQUIRED TRAVEL 

Infrequent (0-5%) travel may provide this position the opportunity for professional growth via attendance at conferences and market events as ShapeShift and the Security team continue to grow our global presence.

OTHER DUTIES

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. While performing the duties of this job, the employee is frequently required to sit. The employee is occasionally required to stand; walk; and use hands to finger, handle or feel controls. The employee must occasionally lift and/or move objects up to 10 pounds. Specific vision abilities required by this job include close vision and distance vision. This is largely a sedentary role; however, some filing is required. This would require the ability to lift files, open filing cabinets and bend or stand on a stool as necessary. 

ShapeShift is an Equal Employment Opportunity (EEO) employer and welcomes all qualified applicants. Applicants will receive fair and impartial consideration without regard to race, sex, color, religion, national origin, age, disability, veteran status, genetic data, or other legally protected status.

GDPR

View our Recruitment Privacy Policy