Senior Software Engineer, Application Security

6 days ago

Apply Now

Receive Emails with Similar Jobs

TRM Labs

WebsiteLinkedInAll Job Openings

Blockchain intelligence solutions to detect, monitor and investigate fraud and financial crime in digital assets.

Anti-money laundering • Blockchain analysis • Transaction monitoring • Crypto compliance • Blockchain forensics

51 - 200

💰 $70M Series B on 2022-11

Description

• Lead application security reviews and threat modeling, including secure code review, architectural design, and testing • Develop automated testing and mature our Secure SDLC • Own and perform application security vulnerability management • Coordinate penetration testing engagements • Support software engineers and product teams by developing application security best practices • Develop and maintain the bug bounty program • Bootstrap platform security initiatives that help protect TRM data • Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training.

Requirements

• Minimum 8 years of experience in Software Development and testing. • BS (or equivalent) in Computer Science, Computer Engineering, or related field. • Proficiency in software development languages: Python, NodeJS, React • Strong understanding of encryption, authentication, and authorization protocols • Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies, and using common security tooling for testing. • Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. • Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis • Experience triaging and remediating vulnerabilities in software packages or libraries • Experience with Software Security tools such as Github advanced security or other SAST, DAST, and SCA tools • Experience with Web application testing frameworks such as BurpSuite, OWASP ZAP, etc. • Experience with Threat modeling tools such as OWASP Threat Dragon, etc. • Experience working in a previous agile-based software development role required • Experience Red Teaming or penetration testing applications and infrastructure • Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices. • Strong written and verbal communication skills. • Security certifications such as OSCP, CEH, GWAPT are a plus. • Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus

Benefits

• Remote-first work environment • Competitive salaries and stock options • Health insurance • Life & disability coverage • Generous paid time for vacation, holidays, and parental leave