Staff Security Engineer, Product

About the position: 

MoonPay is looking for a Staff Security Engineer, Product to join our Technology and Security Services (TSS) Team, reporting to the CISO. In this role, you will play a crucial role in ensuring the security and integrity of the products developed by MoonPay. This role will span various aspects of the product development lifecycle, from design to deployment, with the ultimate goal of identifying and mitigating security risks and vulnerabilities. As a key member of the TSS team, you will work closely with engineering, design, IT, and other cross-functional teams to deliver best-in-class experiences for our users.

Key responsibilities:

Security Design and Architecture:

    • Collaborate with product managers, engineers, and architects to integrate security requirements into the product design and architecture
    • Assess potential security risks and recommend appropriate security controls and mechanisms
    • Design and implement security features that protect the product and its users, such as authentication, authorization, encryption, and access controls

Threat Modeling:

    • Conduct threat modeling exercises to identify potential security threats and vulnerabilities in the product
    • Analyze potential attack vectors and prioritize them based on their impact and likelihood

Code and Design Reviews:

    • Participate in code reviews to identify and address security vulnerabilities, coding errors, and best practice violations
    • Review architecture designs to ensure alignment with security requirements and industry best practices

Security Testing:

    • Conduct security assessments such as penetration testing, vulnerability scanning, and code analysis to identify weaknesses and vulnerabilities
    • Collaborate with quality assurance teams to integrate security testing into the product development and testing processes

Secure Development Practices:

    • Advocate for and enforce secure coding practices across the engineering teams
    • Provide guidance and training to developers on secure coding techniques and best practices

Incident Response and Bug Bounty Programs:

    • Collaborate with incident response teams to handle and mitigate security incidents that affect the product
    • Manage bug bounty programs, working with external security researchers to identify and remediate vulnerabilities

Security Documentation:

    • Create and maintain security documentation, including threat models, security requirements, design documents, and security guidelines

Compliance and Regulations:

    • Ensure the product adheres to relevant security standards, compliance regulations, and industry certifications

Security Awareness and Communication:

    • Educate product teams about security risks and provide clear communication about security-related issues and solutions

Cross-Functional Collaboration:

    • Work closely with cross-functional teams, including engineering, product management, legal, and privacy, to align security efforts with overall business goals

Security Training and Mentoring:

    • Provide mentorship and guidance to peer security team members

Skills & Experience:

Cryptocurrency and Blockchain Expertise:

    • In-depth understanding of blockchain technology, including consensus mechanisms, cryptographic primitives, and decentralized protocols
    • Extensive knowledge and familiarity with various cryptocurrencies, smart contract platforms, and token standards (e.g., ERC-20, ERC-721)

Security Expertise:

    • Profound knowledge of cryptography, including cryptographic algorithms, digital signatures, and secure key management
    • Strong understanding of blockchain security best practices, addressing vulnerabilities specific to smart contracts, token wallets, and blockchain nodes

Smart Contract Security:

    • Ability to conduct thorough audits of smart contracts to identify vulnerabilities, such as reentrancy, integer overflow, and logic errors
    • Familiarity with tools like Mythril, Slither, and Truffle for analyzing and testing smart contracts

Decentralized Finance (DeFi) Understanding:

    • Awareness of the intricacies of DeFi protocols, liquidity pools, yield farming, decentralized exchanges, and lending platforms
    • Ability to assess the security of DeFi applications and identify potential risks

Privacy and Anonymity:

    • Knowledge of privacy-focused cryptocurrencies and protocols

Tokenomics and Economics:

    • Understanding of token economics, token issuance, distribution mechanisms, and governance models within crypto projects

Bonus qualifications:

Network and Protocol Security:

    • Proficiency in assessing and securing blockchain network nodes, including node configuration, firewall settings, and consensus mechanisms
    • Understanding of Distributed Denial of Service (DDoS) mitigation strategies in the context of blockchain networks

Security Tools and Frameworks:

    • Familiarity with security tools specific to blockchain and crypto, such as blockchain explorers, security analysis tools, and vulnerability scanners

Incident Response and Forensics:

    • Experience in handling security incidents and conducting post-incident forensics in a blockchain environment

Regulatory Compliance:

    • Knowledge of legal and regulatory considerations in the crypto space, including Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements

Overall, the Staff Security Engineer, Product will serve as a bridge between security concerns and product development, ensuring that security is an integral part of the product lifecycle and that the final product meets the highest security standards. Given the rapidly changing nature of the cryptocurrency industry, the candidate should be well-versed in the latest developments, trends, and emerging threats specific to the crypto space. The candidate will play a critical role in ensuring the security and trustworthiness of crypto products and services.

Smart Contract Development:

    • Ability to develop secure smart contracts
    • Proficiency in writing code that follows best practices for minimizing vulnerabilities

Logistics:

Our interview process usually takes place on Zoom and tends to consist of the following stages:

  • Recruiter interview (~30 minutes)
  • Initial interview (~30-45 minutes)
  • Take home task (role dependent)
  • Virtual onsite (2-3 30-minute interviews)
  • Additional conversation (if applicable)

Please let us know if you require any accommodations for the interview process, and we’ll do our best to provide assistance.

Research has shown that women are less likely than men to apply for this role if they do not have solid experience in 100% of these areas. Please know that this list is indicative and that we would still love to hear from you even if you feel you are only a 75% match. Skills can be learnt, diversity cannot.

We promote a diverse and inclusive culture at MoonPay.
