Summary

The Application Security org at Coinbase is hiring for a Senior Offensive Security Engineer. In this role, you will lead and enhance penetration testing and red team activities. You will also take part in bug bounty triage, security automation, and incident support activities. This is a technical lead role that will also be overseeing the work of junior engineers located in the same time zone. You will work alongside other security engineers and collaborate with cross-functional teams to enhance the overall security posture of the company.

What you’ll be doing (ie. job duties):

1. Lead and conduct internal penetration testing engagements on web and mobile applications and services.
2. Lead and conduct Red Team operations to test the resiliency of our security protections.
3. Document and report findings from security assessments and pentests.
4. Collaborate with engineering teams to prioritize and remediate known vulnerabilities.
5. Participate in the triage and validation of bug bounty submissions.
6. Contribute to the development of security tools and automation.
7. Contribute to the development and improvement of security testing methodologies.
8. Provide on-call support for product security incidents.
9. Lead and participate in red team activities to identify weaknesses in security controls, as well as network and application-level security boundaries.

What we look for in you (ie. job requirements):

1. Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Software Engineering, or a related field
2. Have at least one relevant security certification (e.g., OSCP, GPEN).
3. 5+ years of experience in application security, penetration testing, bug bounty triage, or other offensive security roles.
4. 3+ years of Red Team experience, with a track record of breaking complex systems using novel techniques
5. Experience with programming languages such as Go, JavaScript, Python or Ruby.
6. Expert understanding of Web2 security concepts and common vulnerabilities (e.g., OWASP Top 10, SANS Top 25)
7. Experience with bug bounty programs and platforms.
8. Strong analytical skills to identify trends and patterns in penetration testing findings.
9. Excellent communication skills to effectively communicate with researchers and internal teams.
10. Energy and self-drive for continuous learning as crypto is a constantly and rapidly changing space.
11. Ability to work independently, take ownership of penetration testing and red team engagements as well as oversee the work of junior engineers.
12. Experience in building relationships with product, engineering, and other security teams

Nice to haves:

1. Participation in computer security competitions (CTFs), Bug Bounty programs, open source security research, CVE analysis
2. Experience in Web3 security, network security and/or cloud security.
3. Experience with developing and implementing security tooling to support penetration testing and AI penetration testing activities.
4. Experience pentesting AI systems and LLMs.

Position ID:  

P69494

Pay Transparency Notice: The target annual salary for this position can range as detailed below. Full time offers from Coinbase also include target bonus + target equity + benefits (including medical, dental, and vision).

Pay Range:

₹6,612,600—₹6,612,600 INR

Skills

• AWS
• Cybersecurity Solutions
• Development
• Software Engineering
• TypeScript