Rust AppSec Engineer

  • Applications may have closed

As stewards of the Polkadot and Substrate ecosystem, Parity is laying the foundation for a better web which respects the freedom and data of individuals and empowers developers to create better services through decentralised technology
The internet is too important to billions of people for it to be at the mercy of a few powerful companies

With a remote-first, global team of 340+ people, Parity is building open-source technologies for developers and organisations to implement and build upon
Our Web3 tech stack includes , , and

We believe in a decentralised web that respects the freedom and data of individuals and empowers developers to create better services
Our vision is to create a world based on truthful, rather than trustful, interactions
Our mission is to make Polkadot the most active and innovative community in blockchain

About the team:

The Application Security (AppSec) department plays a critical role at the heart of our security processes
Our primary mission lies in protecting and assuring our blockchain and products, bolstering their resilience against potential cyber threats
We operate behind the scenes, collaborating closely with various engineering teams on our AppSec aspects to ensure the smooth functioning of the company

About the position:

We are seeking an innovative and accomplished Rust AppSec Engineer to join the Parity Security team
You will take a critical role in upholding the security of Parity Technologies products

You will influence the technical architecture of new and existing products, ensuring that security is a keystone in their designs
You would be the owner of Application security of products through and threat modelling, and contributing towards internal tooling and integration to ensure that security is baked into the software development lifecycle
Engineers will come to you as a trusted source of guidance for the secure development and maintenance of their products
Your insight will be consulted for strategic, practical and technical decisions, to guarantee that security is not an afterthought in our technical roadmap
You will also:

  • Work with other application security engineers on technical development of projects in Rust
    Contributing to the main public open-source projects shaping the future of the ecosystem

  • Provide technical expertise and guidance for developers around the secure development of their products

  • Perform assessments of products, such as security code review, security fuzzing, partnership with external security audit suppliers and/or white hat, or services that are being tested but are not yet in production

  • Sympathise with the goals trying to be achieved by other teams; help to push solutions out securely rather than just blocking solutions outright
    We’re here to work with others getting their products out in a manner that’s secure for our ecosystem, not to just reject solutions without context

About you:

As a Rust AppSec Engineer you will have:

  • Solid experience with Rust, this is a must

  • Proficiency in managing third-party security code reviews and actioning findings

  • Adequate collaboration skills with engineering teams in code review resolutions

  • Demonstrated success in aligning stakeholders in code review findings

  • Proven capability in building strong partnerships with engineers

  • Exposure to cryptography, decentralised networking, hardware key management solutions
    Basics at least, we want you to be motivated to learn more

  • A wide array of security tools and approaches: this is very much a hands-on role so you should be experienced in setting up SAST, DAST, fuzzing, property-based testing, symbolic execution, network simulation tools and such

  • Experience using common penetration testing tools

  • Proficient in composing detailed technical reports and adept at conveying complex technical concepts to non-technical audiences in an understandable manner

  • A self-starter attitude: most of the time there would be little guidance on which areas to work on first and what to improve there
    You’re expected to determine that yourself, keeping company-wide goals in mind, and drive those initiatives to completion

If possible, we’d also love you to have:

  • A risk-based, solution-oriented approach to resolving security issues

  • Experience in threat modelling, working with best in class independent security teams and turning their findings into actual deployed fixes in our codebase;

  • Relevant security certifications are a plus, but not required (OSCP, OSCE, GPEN, GWAPT, LPT)

  • Ideally prior work experience in blockchain/cryptocurrency fields

  • A background in open-source software development

  • Passionate about Web 3
    0 and what it represents for the future

About working for us:

  • Competitive remuneration packages based on iterative market research, including tokens (where legally possible)

  • “Future of work” environment that’s remote-first and self-initiating with flexible hours

  • Team mates that are genuinely excited about their impact and projects

  • Access to the brightest minds in this space to learn about Web3 and develop your skills and knowledge while on the job

  • Becoming part of the wider ecosystem (career and networking opportunities)

  • Team and company-wide retreats

  • Work laptop and equipment

  • Opportunity to relocate to United Kingdom, Germany or Portugal (with visa sponsorship)

Those joining our collective as an employee in Germany, Portugal, and the U
also enjoy benefits such as health care, parental leave, PTO (28 days per year), local team events, yearly L&D budget, and language classes

Parity is an Equal Opportunity Employer
We welcome diversity in our global team and care about everyone in our collective feeling included and welcome

View our to see how we use your data

Is this position not quite your match?  our other open roles

Listed in: , , , , , , , , , , , , ,