Staff Security Engineer, Product

September 21, 2023
Offerd Salary:Negotiation
Working address:N/A
Contract Type:Other
Working Time:Negotigation
Working type:N/A
Ref info:N/A

We are MoonPay. Architects of the future, inventors, artists, and authors of innovation.

Our vision? To unlock digital ownership for everyone. We are onboarding the world to web3, where people can own and control their digital identity, data, property, and money.

MoonPay is the world's leading web3 infrastructure company. We provide end-to- end solutions for payments, enterprise-scale smart contract development, and digital asset management. Many of the world's most iconic brands rely on MoonPay to power their web3 strategies and ideas.

Now boarding the next generation of leaders. Come help us build what's next.

About the position:

MoonPay is looking for a Staff Security Engineering Product to join our Technology and Security Services (TSS) Team, reporting to the CISO. In this role, you will be responsible for playing a crucial role in ensuring the security and integrity of the products developed by MoonPay. This role will span various aspects of the product development lifecycle, from design to deployment, with the ultimate goal of identifying and mitigating security risks and vulnerabilities. As a key member of the TSS team, you will work closely with engineering, design, IT, and other cross-functional teams to deliver best-in-class experiences for our users.

Key responsibilities:

Security Design and Architecture:

 Collaborate with product managers, engineers, and architects to integrate security requirements into the product design and architecture.
 Assess potential security risks and recommend appropriate security controls and mechanisms.
 Design and implement security features that protect the product and its users, such as authentication, authorization, encryption, and access controls.

Threat Modeling:

 Conduct threat modeling exercises to identify potential security threats and vulnerabilities in the product.
 Analyze potential attack vectors and prioritize them based on their impact and likelihood.

Code and Design Reviews:

 Participate in code reviews to identify and address security vulnerabilities, coding errors, and best practice violations.
 Review architecture designs to ensure alignment with security requirements and industry best practices.

Security Testing:

 Conduct security assessments such as penetration testing, vulnerability scanning, and code analysis to identify weaknesses and vulnerabilities.
 Collaborate with quality assurance teams to integrate security testing into the product development and testing processes.

Secure Development Practices:

 Advocate for and enforce secure coding practices across the engineering teams.
 Provide guidance and training to developers on secure coding techniques and best practices.

Incident Response and Bug Bounty Programs:

 Collaborate with incident response teams to handle and mitigate security incidents that affect the product.
 Manage bug bounty programs, working with external security researchers to identify and remediate vulnerabilities.

Security Documentation:

 Create and maintain security documentation, including threat models, security requirements, design documents, and security guidelines.

Compliance and Regulations:

 Ensure the product adheres to relevant security standards, compliance regulations, and industry certifications.

Security Awareness and Communication:

 Educate product teams about security risks and provide clear communication about security-related issues and solutions.

Cross-Functional Collaboration:

 Work closely with cross-functional teams, including engineering, product management, legal, and privacy, to align security efforts with overall business goals.

Security Training and Mentoring:

 Provide mentorship and guidance to peer security team members.
Skills & Experience:

Cryptocurrency and Blockchain Expertise:

 In-depth understanding of blockchain technology, including consensus mechanisms, cryptographic primitives, and decentralized protocols.
 Extensive knowledge and familiarity with various cryptocurrencies, smart contract platforms, and token standards (e.g., ERC-20, ERC-721).

Security Expertise:

 Profound knowledge of cryptography, including cryptographic algorithms, digital signatures, and secure key management.
 Strong understanding of blockchain security best practices, addressing vulnerabilities specific to smart contracts, token wallets, and blockchain nodes.

Smart Contract Security:

 Ability to conduct thorough audits of smart contracts to identify vulnerabilities, such as reentrancy, integer overflow, and logic errors.
 Familiarity with tools like Mythril, Slither, and Truffle for analyzing and testing smart contracts.

Decentralized Finance (DeFi) Understanding:

 Awareness of the intricacies of DeFi protocols, liquidity pools, yield farming, decentralized exchanges, and lending platforms.
 Ability to assess the security of DeFi applications and identify potential risks.

Privacy and Anonymity:

 Knowledge of privacy-focused cryptocurrencies and protocols.

Tokenomics and Economics:

 Understanding of token economics, token issuance, distribution mechanisms, and governance models within crypto projects.
Bonus qualifications:

Network and Protocol Security:

 Proficiency in assessing and securing blockchain network nodes, including node configuration, firewall settings, and consensus mechanisms.
 Understanding of Distributed Denial of Service (DDoS) mitigation strategies in the context of blockchain networks.

Security Tools and Frameworks:

 Familiarity with security tools specific to blockchain and crypto, such as blockchain explorers, security analysis tools, and vulnerability scanners.

Incident Response and Forensics:

 Experience in handling security incidents and conducting post-incident forensics in a blockchain environment.

Regulatory Compliance:

 Knowledge of legal and regulatory considerations in the crypto space, including Anti-Money Laundering (AML) and Know Your Customer (KYC) requirements.

Overall, the Staff Security Engineer, Product will serve as a bridge between security concerns and product development, ensuring that security is an integral part of the product lifecycle and that the final product meets the highest security standards. Given the rapidly changing nature of the cryptocurrency industry, the candidate should be well-versed in the latest developments, trends, and emerging threats specific to the crypto space. The candidate will play a critical role in ensuring the security and trustworthiness of crypto products and services.

Smart Contract Development:

 Ability to develop secure smart contracts
 Proficiency in writing code that follows best practices for minimizing vulnerabilities.

Our interview process usually takes place on Zoom and tends to consist of the following stages:

  • Recruiter interview (~30 minutes)
  • Initial interview (~30-45 minutes)
  • Take home task (role dependent)
  • Virtual onsite (2-3 30 minute interviews)
  • Additional conversation (if applicable)
  • Please let us know if you require any accommodations for the interview process, and we'll do our best to provide assistance

    Research has shown that women are less likely than men to apply for this role if they do not have solid experience in 100% of these areas. Please know that this list is indicative and that we would still love to hear from you even if you feel you are only a 75% match. Skills can be learnt, diversity cannot.

    We promote a diverse and inclusive culture at MoonPay.

    From this employer

    Recent blogs

    Recent news