About MetaMask
We’re building for a future where the internet and world economy empowers people through interactions based on consent, privacy, and free association. Where both communities and individuals flourish. To accomplish that, we’re working hard to make web3 accessible for everyone.
MetaMask is both a crypto wallet and a gateway to the decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, protect against economic turmoil, and more. Our browser extension and mobile platforms meet the needs of millions of users and developers across the world.
Originally a humble key manager, today MetaMask serves over 30 million monthly active users as a decentralized application development platform, an aggregator of decentralized cryptocurrency exchanges, and a decentralized identity manager.
About the Role
MetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.
We are looking for an Application Security Engineer to join our rapidly growing security team to help embed security into all phases of the software development lifecycle. You would work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards.
To apply for this position, you must have:
- 6+ years of experience building and securing software, with at least 4 years focusing on web application security.
- Experience performing security design reviews, threat modeling, or security testing.
- Enthusiasm for writing code, and helping others do the same.
- Experienced working with JavaScript code to identify issues.
- Solid written and verbal communication skills.
- Proactiveness and be self-driven to be successful working in a remote environment.
- Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.
- A belief in our mission and values.
Nice to have:
- Experience working as a software developer.
- Familiarity with the Ethereum blockchain and Decentralized Applications.
- You’re a MetaMask user!
Responsibilities
- Support product teams as they develop new features by conducting design reviews, threat modeling, security testing, and code reviews.
- Assess potential security vulnerabilities within our applications, and work with development teams to ensure remediation in our established SLAs.
- Identify gaps in MetaMask’s secure software development life cycle (SSDLC), and take initiative leading efforts to address them.
- Determine the root cause and severity of vulnerabilities reported to us through our bug bounty platform.
- Participate and contribute to team meetings, roadmap planning, and discussions.
- Validate that security patches address reported vulnerabilities and test for any potential bypasses
- Document identified vulnerabilities in a way that allows for our engineering team to take quick action.
- Proactively prevent future occurrences of a vulnerability through developing automation, security controls, and educating developers.
- Write code to support the development of security engineering projects, or fix vulnerabilities in MetaMask client applications.
- Pave your own path in how you want to make MetaMask more secure.
