Offensive Security Manager, Coinbase

Offensive Security

CA$217.9k

+ Target bonus + Target equity

Python
Go
Ruby
Senior and Expert level
Remote from Canada
Coinbase

The world’s leading exchange for digital currencies

Open for applications

1001+ employees

Fintech, B2C, B2B, Cryptocurrency, SaaS

Company mission

To increase economic freedom for more than 1 billion people.

Role

Who you are

  • A Bachelor’s or Master’s degree in Computer Science, Computer Engineering or a related field
  • 3+ years of management experience, preferably managing a security team of 5 or more full time employees
  • 3+ years of leading internal and external pentest engagements, actively participating in bug bounty programs, or performing security reviews
  • 3+ years of experience in Web2, Web3 and Network security
  • Experience in responsible vuln disclosure
  • Ability to navigate through ambiguity and deliver results fast
  • A growth mindset, able to quickly iterate on stakeholder feedback and lead change to meet the evolving needs of the business
  • Ability to partner effectively with cross-functional stakeholders across various teams within a large organization
  • Passion for the work that you do and ability to be hands-on when needed – participating in on-call rotations, leading incidents, performing pentests, validating bug bounty reports, verifying vuln fixes, etc

Desirable

  • You’ve owned a successful Bug Bounty and/or a Pentest program at a FinTech or a TradFi company
  • You have experience automating manual processes using Go, Python, Ruby, etc
  • You’ve identified and reported 0-day vulnerabilities in software used by millions of users around the world

What the job involves

  • The Application Security org at Coinbase is looking to hire a Pentest Manager to lead a team of Security Engineers responsible for managing Coinbase’s public bug bounty program and performing pentests of new products and features
  • In this role, you will work closely with both tech and non-tech stakeholders across the company to ensure the pentesting needs of the business are met on time
  • You’ll also own the Bug Bounty program charter, ensuring we continue to leverage talent worldwide to uplevel the security of Coinbase’s apps and services
  • Develop and execute on a vision of what pentesting, bug bounty and red teaming at Coinbase should look like over the years ahead
  • Develop and track metrics and OKRs to track pentesting work, bug bounty engagements, new security capability development, etc
  • Lead internal and external pentesting as a service
  • Own DAST and MAST as an internal security service offering
  • Lead a team of Security Engineers focusing on performing tightly-scoped, new product launch pentests, regulatory and compliance-driven pentests, and managing Coinbase’s public bug bounty program
  • Work with engineers and engineering leaders across the company to prioritize, implement and deploy fixes for known vulnerabilities
  • Partner with Legal and GRCP to ensure we continue to meet regulatory and compliance-related pentesting requirements
  • Provide on-call and product incident support

Insights

Led by a woman
Top investors

-24% employee growth in 12 months

Company

Funding (last 2 of 8 rounds)

Oct 2018

$300m

GROWTH EQUITY VC

Oct 2018

$108.1m

SERIES D

Total funding: $633.4m

Our take

Coinbase has built a reputation as one of the most accessible entry points into the world of cryptocurrency. With features like crypto wallets, direct bank account linking, and merchant payment tools, it's helping bring crypto into the mainstream. But the company isn't just relying on its early success; it's evolving fast to stay relevant in a rapidly changing market.

Lately, it's doubled down on its focus on institutional clients, now serving as the custodian for the majority of approved Bitcoin and Ethereum ETFs, and its Prime platform offers a full suite of services for hedge funds, asset managers, and financial institutions. As demand for regulated crypto products rises globally (particularly in Asia), Coinbase is ready to expand.

And it's even making moves to engage with younger audiences, having recently partnered with Riot Games to sponsor global eSports events for League of Legends and Valorant. This multi-year deal commences with the Valorant Masters in Toronto and the MSI 2025 tournament in Vancouver. This partnership highlights Coinbase's strategy to integrate Web3 technologies into mainstream entertainment, aiming to bridge the gap between gaming and cryptocurrency for a new generation of users.

Freddie

Company Specialist at Welcome to the Jungle