Senior Application Security Engineer

Consensys is the leading blockchain and web3 software company founded by Joe Lubin, CEO of Consensys and Co-Founder of Ethereum. Since 2014, Consensys has been at the forefront of innovation, pioneering technological developments within the web3 ecosystem. Through our product suite, including the MetaMask platform, Infura, Linea, Diligence, and our NFT toolkit Phosphor, we have become the trusted collaborator for users, creators, and developers on their path to build and belong in the world they want to see. Whether building a dapp, an NFT collection, a portfolio, or a better future, the instinct to build is universal. Consensys inspires and champions the builder instinct in everyone by making web3 universally easy to use and develop on. Our mission is to unlock the collaborative power of communities by making the decentralized web universally easy to access, use, and build on. You’ll get to work on the tools, infrastructure, and apps that scale these platforms to onboard one billion participants and 5 million developers. You’ll be constantly exposed to new concepts, ideas, and frameworks from your peers, and as you work on different projects — challenging you to stay at the top of your game. You’ll join a network of builders that reaches the edge of our ecosystem. Consensys alumni have moved on to become tech entrepreneurs, CEOs, and team leads at tech companies.

About Metamask

MetaMask aims to create a thriving engineering organization that supports the well-being of our engineers while empowering them to do work they are proud of and enjoy. We strive for an environment that gives our people high trust and autonomy, while also facilitating collaboration, communication and camaraderie among teams and teammates. We aspire to build a diverse engineering team, inclusive to people from all backgrounds and demographics. It is also of great importance to us that working at MetaMask is an experience that catalyzes career growth and learning.

About the Role

MetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible. We are looking for a Senior Application Security Engineer to join our rapidly growing security team to help embed security into all phases of the software development lifecycle. You would work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards. Consenys’s application security team primarily supports MetaMask with opportunities to expand to additional products in the Consensys family.

To apply for this position,

you must have:

• 6+ years of experience building and securing software,

with at least 4 years in a product security, or application security position.

• Experience securing server-side applications and environments.
• Experience performing security design reviews,

threat modeling, or security testing.

• Enthusiasm for writing code,

and helping others do the same.

• Experience securing web applications & APIs
• Solid written and verbal communication skills.
• Proactiveness and be self-driven

to be successful working in a remote environment.

• Relevant knowledge of modern web and mobile app security landscape,

real-world attacks and mitigations.

Nice to Have:

• Software developer experience.
• Familiarity with Ethereum blockchain

and Decentralized Applications.

• MetaMask user.

Responsibilities:

• Analyze vulnerabilities from bug bounty reports;

triage and guide resolution.

• Document vulnerabilities for engineering action.
• Write code for security projects or fix vulnerabilities in MetaMask client apps including AI tooling development for vulnerability detection/resolution.
• Assess application vulnerabilities;

essure remediation within SLAs.

• Support product teams with design reviews,

threat modeling, security testing, code reviews.

• Identify gaps in secure software development lifecycle (SSDLC)

and lead improvements.

• Participate in team meetings

and planning.

• Validate security patches

and test for bypasses.

• Develop automation,

controls, educate developers to prevent future vulnerabilities.

Employment Conditions:

Background checks required (employment, education, briminal records).

Salary Range (US-based candidates):

$130000—$218000 USD (excluding bonus/equity/benefits).

Diversity & Inclusion:

Committed to diversity; equal opportunity employer; courages applicants from all backgrounds.

Benefits:

• Competitive benefits package
• Equity ownership
• Recognized in blockchain/Web3 ecosystem
• Continuous learning & development opportunities via Consensys Advance Program including Coursera access
• Unlimited vacation/holidays plus company-wide “zero productivity” days
• Flexible working arrangements with asynchronous work structure
• Remote-first global workforce across six continents

Additional Information:

Consensys products include MetaMask, MetaMask Developer, Infura, Consensys Staking, Protocol & Open-source projects like Linea, Teku, besu, and Web3Signer.