Security Researcher

ConsenSys

Location: Remote, Oregon

Job Type: Full time

Posted


About MetaMask

We’re building for a future where the internet and world economy empowers people through interactions based on consent, privacy, and free association. Where both communities and individuals flourish. To accomplish that, we’re working hard to make web3 accessible for everyone around the world.

MetaMask is both a crypto wallet and a gateway to the decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, protect against economic turmoil, and more. Our browser extension and mobile platforms meet the needs of millions of users and developers across the world.

Originally a humble key manager, today MetaMask serves over 30 million monthly active users as a decentralized application development platform, an aggregator of decentralized cryptocurrency exchanges and a decentralized identity manager.


About the Team

Our user base is rapidly growing, and each of our users places an immense amount of trust in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible. Our Security team ensures that we deliver on this commitment.

MetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.

About the Role

We are looking for a Security Researcher to expand our security team efforts in identifying and countering new threats, improving security awareness for our users, and evaluate security-posture. This role will offer experience in an ever-evolving web3 industry, with ever-evolving security events.

You will be responsible for disclosing security research on web3 space vulnerabilities with the MetaMask security team, ConsenSys security team and external stakeholders

What you’ll do:

  • Identify new methods for improving awareness and countering new threats.
    • Proactively research ways in which bad actors could (and do) cause a threat to our users and products. Although some of the results may be hypothetical, it will be a proactive approach to security for our products.
    • Actively look for threats within the ecosystem, working closely with the threat intelligence team/platforms, to build reports and monitor ongoing security events in the space.
  • Code reviews.
    • Evaluate certain pull-requests on JavaScript/Typescript codebases, with a keen eye on secure-code.
    • Report findings and track mitigation process, for both internal and external reports.
  • Research security posture on tools used by MetaMask.
    • Working closely with Consensys Security to help analyze new product solutions.
    • Research FOSS tools that are integrated within MetaMask.
    • Identify gaps in existing security and develop tools to close the gap.
  • Evaluate security incidents in the Web3 space.
    • Write external-facing reports on exploits in the ecosystem to help educate everyday users and products take a security-first approach.
    • Work with external banners on security post-mortems.

Who we’re looking for:

  • Someone who has a passion for open-source and security.
  • Someone who is especially familiar with Web3 terminology.
  • Someone who has experience with handling cybersecurity-related events.
  • Someone who is familiar with past security incidents on Web3 banners (both blockchain-based and web2 based).
  • Someone who is a team-player and can work well with cross-team collaboration.
  • Someone who has excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

Bonus points:

  • You have a portfolio of write-ups on web2/web3 security.

About ConsenSys

Our mission is to unlock the collaborative power of communities by making Web3 universally easy to use, access, and build on.

Working with ConsenSys puts you at the forefront of an evolving paradigm, transforming our society for the better. We fundamentally believe blockchain is the next generation of technology that can lay the foundation for a more just and equitable society.

Blockchain tech is just over 10 years old. Ethereum itself is still a toddler and we’re far from reaching our full potential. You’ll get to work on the tools, infrastructure, and apps that scale these platforms to billions of users.

You’ll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects — challenging you to stay at the top of your game. You’ll join a network of entrepreneurs and technologists that reaches the edge of our ecosystem. ConsenSys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.

ConsenSys is an equal opportunity employer. We encourage people from all backgrounds to apply. We are committed to ensuring that our technology is made available and accessible to everyone. All employment decisions are made without regard to race, color, national origin, ancestry, sex, gender, gender identity or expression, sexual orientation, age, genetic information, religion, disability, medical condition, pregnancy, marital status, family status, veteran status, or any other characteristic protected by law.

ConsenSys is aware of fraudulent recruitment practices and we encourage all applicants to review our best practices to protect yourself which can be found here.

The salary range for US-based candidates only will be determined throughout the interview process depending on experience and skills. Candidates should anticipate a base salary (not including bonus, equity or other benefits) of $USD119,000 - $USD246,000

#LI-HG1

You’ve got this!