Product Security Engineer
Swirlds Labs
Other Engineering, Product
Europe · Remote
Posted on Mar 20, 2024
About Swirlds Labs:
Swirlds Labs is a fast-growing software company committed to supporting, developing and servicing Hedera, an open source, proof-of-stake platform. Hedera is EVM-compatible and has been specifically built to meet the needs of enterprise and Web3 applications, which require speed, security, stability and sustainability. Hedera’s public network is governed by industry-leading organizations, spanning 11 sectors and 14 regions who oversee the development and direction of the decentralized platform.
You may find yourself doing all of the following:
- Conducting thorough security reviews of the company's products throughout the development lifecycle, including the design, implementation, and release phases
- Collaborating with cross-functional teams to identify security vulnerabilities and recommend mitigation strategies
- Developing and maintaining security testing methodologies and procedures
- Implementing and managing automated security testing tools and processes
- Providing guidance and support to development teams on secure coding practices and security best practices
- Staying current with industry trends and emerging threats to inform and enhance product security measures
- Assisting in incident response activities related to product security incidents
- Participating in security awareness training programs for internal stakeholders
Qualification Requirements:
- Minimum 6 years of experience in application or product security, including 2-3 years of experience in software development or related field
- Familiarity with common security vulnerabilities and attack vectors
- Hands-on experience with security testing tools such as static analysis, dynamic analysis, and fuzzing tools
- Strong understanding of secure coding practices and principles (mainly Java and Solidity)
Other skills that are great to bring with you but that we can help you develop:
- Relevant certifications (e.g., OSCP, OSEP, OSWA, OSWE)
- Experience in Bug bounty, Security Research, CVE publications, Red teaming, and attack surface management
- Experience with cloud environments (e.g., GCP, AWS)
- Understanding of common programming languages and scripting languages, such as Python, PowerShell, or Bash
- Experience with containerization and orchestration technologies, such as Docker and Kubernetes, and their associated security best practices
- Knowledge about web3 / Blockchain / Crypto