Offensive Security Manager, Coinbase
Offensive Security
CA$217.9k
+ Target bonus + Target equity
The world’s leading exchange for digital currencies
Be an early applicant
The world’s leading exchange for digital currencies
1001+ employees
Be an early applicant
CA$217.9k
+ Target bonus + Target equity
1001+ employees
Company mission
Their mission is to create an open financial system for the world and to be the leading global brand for helping people convert digital currency into and out of their local currency.
Role
Who you are
- A Bachelor’s or Master’s degree in Computer Science, Computer Engineering or a related field
- 3+ years of management experience, preferably managing a security team of 5 or more full time employees
- 3+ years of leading internal and external pentest engagements, actively participating in bug bounty programs, or performing security reviews
- 3+ years of experience in Web2, Web3 and Network security
- Experience in responsible vuln disclosure
- Ability to navigate through ambiguity and deliver results fast
- A growth mindset, able to quickly iterate on stakeholder feedback and lead change to meet the evolving needs of the business
- Ability to partner effectively with cross-functional stakeholders across various teams within a large organization
- Passion for the work that you do and ability to be hands-on when needed – participating in on-call rotations, leading incidents, performing pentests, validating bug bounty reports, verifying vuln fixes, etc
Desirable
- You’ve owned a successful Bug Bounty and/or a Pentest program at a FinTech or a TradFi company
- You have experience automating manual processes using Go, Python, Ruby, etc
- You’ve identified and reported 0-day vulnerabilities in software used by millions of users around the world
What the job involves
- The Application Security org at Coinbase is looking to hire a Pentest Manager to lead a team of Security Engineers responsible for managing Coinbase’s public bug bounty program and performing pentests of new products and features
- In this role, you will work closely with both tech and non-tech stakeholders across the company to ensure the pentesting needs of the business are met on time
- You’ll also own the Bug Bounty program charter, ensuring we continue to leverage talent worldwide to uplevel the security of Coinbase’s apps and services
- Develop and execute on a vision what pentesting, bug bounty and red teaming at Coinbase should look like over the years ahead
- Develop and track metrics and OKRs to track pentesting work, bug bounty engagements, new security capability development, etc
- Lead internal and external pentesting as a service
- Own DAST and MAST as an internal security service offering
- Lead a team of Security Engineers focusing on performing tightly-scoped, new product launch pentests, regulatory and compliance-driven pentests, and managing Coinbase’s public bug bounty program
- Work with engineers and engineering leaders across the company to prioritize, implement and deploy fixes for known vulnerabilities
- Partner with Legal and GRCP to ensure we continue to meet regulatory and compliance-related pentesting requirements
- Provide on-call and product incident support
Our take
Coinbase allows its users to create their own crypto wallets and start buying or selling cryptocurrencies by connecting with their bank accounts. It also provides a series of merchant payment processing systems and tools that support transactions with many popular websites.
Coinbase has recently made a big push to broaden its services away from consumers and they want to cater services from institutional investors.
Coinbase currently offers one of the largest selection of cryptocurrency assets - over 10,000 but does not allow trading on all of them. The company wisely keeps such offerings to the most stable assets however, the list is always expanding. Coinbase see a much wider adoption of cryptocurrency and tokens in the future, and plan to expand potentially to millions in the future. It speaks volumes to Coinbase's goals of wider global adoption that former UK Finance Minister George Osborne is now an Advisor at the company.
Coinbase's lofty ambitions paid off in it being the first crypto listing on the NASDAQ. The company has weathered several bull and bear runs in the cryptocurrency industry through diversification of its offerings, including wallet-as-a-service technology for crypto platforms, and has acquired healthy coffers of cryptocurrency assets. The aim is to eventually operate independently of the volatility surrounding cryptocurrencies.
Freddie
Company Specialist at Welcome to the Jungle
Insights
-24% employee growth in 12 months
Company
Funding (last 2 of 8 rounds)
Oct 2018
$300m
GROWTH EQUITY VC
Oct 2018
$108.1m
SERIES D
Total funding: $633.4m
Company benefits
- 12 weeks maternity/paternity leave
- Vision and dental care
- Commuter benefits
- Learning and development budget
- Unlimited paid time off policy
- Work from home opportunities
- Health insurance
Company HQ
Civic Center, New York, NY
Leadership
Brian Armstrong
(CEO)Previously founded UniversityTutor.com, also worked as a Software Engineer at AirBnb
Alessia Haas
(CFO)Previously held various head positions, including VP at GE Healthcare, Director at Merrill Lynch and CFO at CIT Bank and Oz Management
Share this job
View 261 more jobs at Coinbase