Offensive Security Manager, Coinbase

• A Bachelor’s or Master’s degree in Computer Science, Computer Engineering or a related field
• 3+ years of management experience, preferably managing a security team of 5 or more full time employees
• 3+ years of leading internal and external pentest engagements, actively participating in bug bounty programs, or performing security reviews
• 3+ years of experience in Web2, Web3 and Network security
• Experience in responsible vuln disclosure
• Ability to navigate through ambiguity and deliver results fast
• A growth mindset, able to quickly iterate on stakeholder feedback and lead change to meet the evolving needs of the business
• Ability to partner effectively with cross-functional stakeholders across various teams within a large organization
• Passion for the work that you do and ability to be hands-on when needed – participating in on-call rotations, leading incidents, performing pentests, validating bug bounty reports, verifying vuln fixes, etc

Desirable

• The Application Security org at Coinbase is looking to hire a Pentest Manager to lead a team of Security Engineers responsible for managing Coinbase’s public bug bounty program and performing pentests of new products and features
• In this role, you will work closely with both tech and non-tech stakeholders across the company to ensure the pentesting needs of the business are met on time
• You’ll also own the Bug Bounty program charter, ensuring we continue to leverage talent worldwide to uplevel the security of Coinbase’s apps and services
• Develop and execute on a vision what pentesting, bug bounty and red teaming at Coinbase should look like over the years ahead
• Develop and track metrics and OKRs to track pentesting work, bug bounty engagements, new security capability development, etc
• Lead internal and external pentesting as a service
• Own DAST and MAST as an internal security service offering
• Lead a team of Security Engineers focusing on performing tightly-scoped, new product launch pentests, regulatory and compliance-driven pentests, and managing Coinbase’s public bug bounty program
• Work with engineers and engineering leaders across the company to prioritize, implement and deploy fixes for known vulnerabilities
• Partner with Legal and GRCP to ensure we continue to meet regulatory and compliance-related pentesting requirements
• Provide on-call and product incident support

Total funding: $633.4m

Coinbase has built a reputation as one of the most accessible entry points into the world of cryptocurrency. With features like crypto wallets, direct bank account linking, and merchant payment tools, it's helping bring crypto into the mainstream. But the company isn't just relying on its early success, it's evolving fast to stay relevant in a rapidly changing market.