Security Engineer – (Remote) Full Time (Remote)

Status is the gateway to the decentralized web. We’re building the tools and infrastructure for the advancement of a secure, private, and open web3. With the high level goals of preserving the right to privacy, mitigating the risk of censorship, and promoting economic trade in a transparent, open manner, Status is building a community where anyone is welcome to join and contribute.

As an organization, Status seeks to push the web3 ecosystem forward through research, creation of developer tools, and support of the open source community. Our core products include an open source, Ethereum-based app for mobile and desktop that gives users the power to chat, make payments and browse the decentralized web, as well as foundational infrastructure for the whole Ethereum ecosystem including the Nimbus ETH 1.0 and 2.0 clients, the Keycard hardware wallet, and the Waku messaging protocol which is a continuation of Whisper.

Who are we?

We’re a remote team made up of ~70 core contributors and a growing number of community members scattered around the globe. We care deeply about open source software, and our organizational structure has minimal hierarchy and no fixed work hours. We believe in working with a high degree of autonomy while supporting the organization’s priorities.

The role: 

As a Security Engineer at Status, you will work closely with everything and everyone to ensure best practices are being upheld. Sometimes, you will define those best practices.

You will often have the opportunity to research, develop, and evaluate bleeding edge tech for the purpose of strengthening the security and privacy stance of our products and organization.  In some ways, it is your job to make your job as obsolete as possible. You will touch on a broad array of challenges and topics that fall under the scope of Security, so you must be able to continuously adapt and learn.

Depending on your experience, you might get to work on the following:

Operational Security:

• Security best practices education.
• Managing bug bounty programs.
• Delivering and developing security awareness training.
• Overseeing security monitoring activities.

Security Procedures:

• Defining, implementing and updating security policies.
• Reporting breaches to the Security Compliance function.

Secure SDLC:

• Defining, deploying (CI/CD integration) and updating secure Software Development Life Cycle (SDLC).

You ideally will have: 

[Don’t worry if you don’t meet all of these criteria, we’d still love to hear from you anyway if you think you’d be a great fit for this role!]

• Experience in, and passion for, blockchain technology.
• Threat modeling and risk assessment
• Security auditing and reverse engineering
• A strong alignment to our principles
• “Blue team” experience: security monitoring (e.g. SOC)
• Experience in managing large bug bounty programs (e.g HackerOne, Bugcrowd, etc.).
• Information security management framework expertise (e.g. ISO 2700x).
• Information security policies experience (design and deployment).
• Experience in managing large open source projects (with external contributors).
• SDLC experience (design, implementation and compliance).

Bonus points if you have:

• Experience working remotely and asynchronously.
• Experience working for an open source organization.

Hiring process

The hiring process for this role will be:

• First chat with one of our People Ops team
• Corey, the Chief Security Officer of Status.im
• Interview with one of our internal team leads – this will depend on what area of specialisation we’ll see you’re most fit to work in.

The steps may change along the way if we see it makes sense to adapt the interview stages, so please consider the above as a guideline. We’re looking for the new Security Engineer (you?) to join the team as soon as possible, and we’re hoping to close the hiring process ideally by the end of Q1 2021.