Posted on May 17, 2020

Application Security Architect

Software Development, San Francisco Bay Area, Full-time

About us:

Tendermint is building state-of-the-art consensus and networking protocols to enable internet-scale distributed applications. We’re passionate, self-driven, industry leaders whose mission is to build a better, freer internet. We're also building the Cosmos Network, a decentralized network of independent parallel blockchains, each powered by classical BFT consensus algorithms like Tendermint Core. We believe the technology we're building will have a major impact on human beings around the world. We’re well funded and growing quickly.

How we work:

Our teams leverage agile methodologies to move quickly and stay focused. Some of us work out of our offices in San Francisco, Berkeley, Toronto, and Berlin, but most of our employees work remotely. Communication is important to us and we rely heavily on Slack, Zoom, and GitHub to help us stay in sync. Everything we build is open source and available on GitHub.

This is a full-time position that is remote-friendly but, due to the current geography of the team, limited to time zones between PST (GMT-8) and MSK (GMT+3).

What you will be doing:

  • Be the primary security expert for our entire ecosystem, comprised of Tendermint Core, Cosmos SDK, Cosmos Hub and the IBC Protocols, acting as the point of contact for engineering and security
  • Perform architecture reviews of projects, code reviews and penetration testing against products prior to shipping, and maintain the organization’s awareness of potential and/or emerging threats
  • Automate the code security review process
  • Support engineering implementation of security fixes, ensuring security tools and software are used correctly, as well as being proactive to secure our architecture
  • Research and evaluate new technologies that may improve our processes or code bases
  • Create threat models for all of our products
  • Educate and train product teams on security topics and skills to extend AppSec’s reach by deputizing product teams to help themselves
  • Work with external auditors to conduct code audits as well as with outside vendors as appropriate for items such as scanning, incident response and penetration assessments
  • Lead by example and contribute to a team culture that values quality, robustness, and scalability while fostering innovation
  • Run bug bounty programs and respond to overall security questions and concerns from the community, as well as document and communicate findings
  • Oversee incident response process

We're looking for someone who has:

  • At least 8 years of software development experience in an agile environment (ideally with open source contributions). Golang experience preferred
  • Deep understanding and experience with Cryptography
  • Significant experience with Vulnerability Management and Penetration Assessments
  • Strong experience in Application security, or developing applications with significant security requirements
  • Extensive experience in Linux-based operating systems
  • Thorough understanding of the current threat and attack landscape, latest security trends and principles
  • Expertise with web protocols such as HTTP(S), TCP/IP, TLS as well as with securing web-related technologies (Web applications, Web Services, APIs, Service Oriented Architectures)
  • Excellent communication skills and ability to document and explain technical details clearly and concisely to technical and non-technical audiences
  • The ability to take ownership and see initiatives through
  • Experience with blockchain-related technologies is strongly preferred

Nice to have:

  • Knowledge of fault-tolerant consensus protocols like PBFT or Raft
  • Experience with IBC
  • Familiarity with open source P2P networking protocols like BitTorrent, DHTs, etc.
  • Experience managing “bazaar-style” open source projects
  • Experience working with distributed teams

What we offer:

  • The opportunity to be part of building the future of the Internet
  • Flexible work schedule
  • Excellent benefits like educational budget, fitness and wellbeing spend
  • At least 4 weeks of paid vacation
  • Competitive salary package, including equity