Possible expired job

This job was posted a year ago and may be expired now. If that's the case, you can browse similar jobs here. Apologies for the inconvenience.

Security Engineer – Lavamoat

Title: Security Engineer – Lavamoat

Location: GLOBAL – Remote

Our mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on.

Working with ConsenSys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society.

Blockchain tech is just over 10 years old. Ethereum itself is still a toddler and we’re far from reaching our full potential. You’ll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users.

You’ll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects challenging you to stay at the top of your game. You’ll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. ConsenSys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.

About MetaMask

We’re building for a future where the internet and world economy empowers people through interactions based on consent, privacy, and free association. Where both communities and individuals flourish. To accomplish that, we’re working hard to make web3 accessible for everyone.

MetaMask is both a crypto wallet and a gateway to the decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, protect against economic turmoil, and more. Our browser extension and mobile platforms meet the needs of millions of users and developers across the world.

Originally a humble key manager, today MetaMask serves over 30 million monthly active users as a decentralized application development platform, an aggregator of decentralized cryptocurrency exchanges, and a decentralized identity manager.

What you’ll do

Ever since the eye-opening event-stream npm package attack, MetaMask Security has been working to prevent possible future attacks like it. That’s the origin story of LavaMoat – a set of tools to defend against malicious packages at runtime.

We are looking for someone with a deep understanding of JavaScript and the runtimes it powers accompanied by a security mindset and/or a hacker’s curiosity.

In this role you’ll be contributing to open source projects including LavaMoat tools and Endo, improving existing and building new tools based on Hardened JavaScript and supporting the JavaScript security needs of the product teams by helping with LavaMoat usage or browser security in general.

Would be great if you brought this to the role

  • 4+ years experience in JavaScript
  • Good understanding of browser and Node.js security principles, including: same-origin policy, XSS, CSP, supply-chain
    Proficiency in Promises and async
  • Multiple years of experience shipping javascript code to production or releasing open source libraries
  • A passion for our mission and values
  • Proactive and self-driven attitude to be successful working in a remote environment
  • Kind, empathetic, and supportive attitude towards the team

Timezone: Regardless of where you are, some overlap with EU and PST time zones will be necessary.

Bonus Points

  • You’re a MetaMask user!
  • Prior experience in web security penetration testing
  • An interest in blockchain and an eagerness to learn

ConsenSys is an equal opportunity employer. We encourage people from all backgrounds to apply. We are committed to ensuring that our technology is made available and accessible to everyone. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law. ConsenSys is aware of fraudulent recruitment practices and we encourage all applicants to review our best practices to protect yourself which can be found (https://consensys.net/careers/best-practices-to-avoid-recruitment-fraud/).