Senior Software Security Engineer

| Greater Denver Area
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

POSITION OVERVIEW

ShapeShift is seeking a Senior Software Security Engineer to help identify risks and mitigate them for this growing organization. The Senior Software Security Engineer will be scanning, researching, hacking, and advising developers on security, in addition to altering source code to resolve security vulnerabilities. The ideal candidate will possess a keen understanding of how tweaking one parameter can vastly change the security outcomes of an information system. This position offers a unique opportunity to think with a black hat but wear a white hat for an exciting cryptocurrency startup.

 This is a full-time, exempt position that reports directly to the CISO.

Your desire to make a real impact on an organization and the world grows by the day. The ideal candidate will be open to daily changes in workflow and protocol (and force us to improve workflows). As a start-up in an evolving space, there are new challenges that require new solutions every day.

GOALS OF POSITION

  • Stay abreast with daily CVE announcements and 0-day vulnerabilities
  • Provide strong software engineering experience to ShapeShift’s Security team.
  • Work with Site Reliability Engineers and IT administrators to mitigate any vulnerabilities found with ShapeShift's systems.
  • Provide security guidance and advice to software engineers on best practices for storing, securing, and accessing secrets in their application development. 
  • Participate in architecture design discussions for ShapeShift's upcoming feature enhancements and new products/services, ensuring best practices in security are followed in each phase of development, and ensuring security risks are understood and mitigated in the design choices.
  • Execute and automate approved penetration tests, vulnerability scans, and related intelligence gathering about the existing security posture of development and production systems.
  • Manage internal TLS Certificate Authority, issuing and revoking internal server and client certificates where necessary.
  • Collect and organize security-related metrics for reporting to ShapeShift’s CISO.
  • Maintain ShapeShift's existing Information Security Policy, ensuring it is up-to-date with ShapeShift's requirements. 
  • Providing security training to all new staff, and security refreshers to existing staff.
  • Oversee the provisioning of cryptographic keys and security hardware for new staff.
  • Can research, understand, and implement security enhancements to ShapeShift systems independently, and communicate changes to management in a timely fashion.

SUCCESS METRICS OF POSITION

  • Concerns and risks are brought to the attention of the CISO in a timely manner
  • Staff receive your assessments and recommendations on improving/maintaining security in a timely manner
  • Staff are able to rely on you to educate them on security and answer their questions
  • Ability to contribute security enhancements to ShapeShift’s codebase.
  • Senior Security Engineer is able to meet deadlines independently

WHAT YOU BRING TO THE TABLE

  • "Jack of All Trades" mindset, knowledgeable in many areas
  • "Geek to English translator" - ability to train/teach security concepts to non-security staff in easy-to-understand language
  • Strong "Google-fu" - ability to quickly find and learn concepts that aren't already known
  • Knowledge and experience that can be relied upon by others in the Security department
  • Ability to be flexible while working in a dynamic startup environment
  • Desire to make the world a better and safer place

REQUIRED EDUCATION & EXPERIENCE

  • 7+ years of full stack engineering experience or equivalent 
  • Strong competency with Javascript and/or TypeScript
  • Strong competency with modern software development tools (git, jira, IDEs)
  • Experience performing source code review
  • Experience resolving application level vulnerabilities
  • Experience working with GPG / PGP
  • Experience with TLS, cryptographic certificates and PKI
  • Experience performing vulnerability scanning (i.e. Metasploit, Nessus, or similar)
  • Securing and administering services/daemons according to best practices
  • Experience working with Linux and open source technologies
  • At least 4 years experience in a security-focused role

PREFERRED EDUCATION & EXPERIENCE

  • Experience securing cloud-based service providers, such as DigitalOcean, Azure, and AWS
  • Experience with deployment automation tools such as CircleCI, Terraform, etc.
  • Experience with penetration testing
  • Experience with charting, graphing, and presenting data visually
  • Experience working with cryptocurrencies and blockchains
  • Familiarity with Agile Development Methodologies 
  • Familiarity with hardware and firmware security 
  • Security certifications such as: CISSP, CISA, OSCP, Pentest+, Security+ would be an asset
  • Experience with Open Source Software

REQUIRED TRAVEL 

Infrequent (0-5%) travel may provide this position the opportunity for professional growth via attendance at conferences and market events as ShapeShift and the Security team continue to grow our global presence.

WHAT WE OFFER YOU

  • Salary band: $129,000 - $158,000
  • 100% Covered Health, Dental and Vision Insurance
  • Flexible Time Off
  • Remote work 
  • 401(k)
  • Generous Maternity and Paternity Leave
  • Opportunity to be paid in Bitcoin

Read Full Job Description
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.

Technology we use

  • Engineering
    • GolangLanguages
    • JavascriptLanguages
    • PythonLanguages
    • SolidityLanguages
    • ReactLibraries
    • DjangoFrameworks
    • Node.jsFrameworks
    • MongoDBDatabases
    • PostgreSQLDatabases
    • RedisDatabases

Location

Our office is downtown with plenty of local restaurants, breweries, and public transit options within walking distance.

What are ShapeShift Perks + Benefits

Culture
Volunteer in local community
Friends outside of work
Eat lunch together
Daily stand up
Open door policy
Team owned deliverables
Group brainstorming sessions
Pair programming
Open office floor plan
Health Insurance & Wellness Benefits
Disability Insurance
Dental Benefits
Vision Benefits
Health Insurance Benefits
Life Insurance
Wellness Programs
Onsite Gym
Retirement & Stock Options Benefits
401(K)
Company Equity
Child Care & Parental Leave Benefits
Generous Parental Leave
Flexible Work Schedule
Remote Work Program
Family Medical Leave
Vacation & Time Off Benefits
Unlimited Vacation Policy
Paid Holidays
Paid Sick Days
Perks & Discounts
Beer on Tap
Casual Dress
Commuter Benefits
Company Outings
Game Room
Stocked Kitchen
Some Meals Provided
Happy Hours
Parking
Pet Friendly
Professional Development Benefits
Job Training & Conferences
Lunch and learns
Cross functional training encouraged
Promote from within
Online course subscriptions available
More Jobs at ShapeShift3 open jobs
All Jobs
Dev + Engineer
Developer
new
Denver
Developer
new
Denver
Apply now
By clicking continue you agree to Built In’s Privacy Policy and Terms of Use.
Save jobView ShapeShift's full profileSee more ShapeShift jobs