Application Security Architect - Remote

San Francisco Bay Area / Engineering

About us:

At Tendermint Inc., we build, maintain, and promote critical state-of-the-art infrastructure for decentralized applications, such as Tendermint Core & Cosmos SDK. We are the team who designed and implemented the gold standard of proof of stake protocols and got it launched on a public blockchain network, Cosmos. We’re passionate, self-driven, industry leaders whose vision is to empower every human to contribute to solving the world’s most urgent and complex problems. We believe that the technology we're building will have a major impact on how humans connect and coordinate on a global scale. Join our growing team and plug into the most powerful blockchain ecosystem.

How we work: 

We have team members working from across North America, Europe, and Asia. We leverage agile methodologies to move quickly and stay focused. Communication is important to us and we rely heavily on Slack, Zoom, and GitHub to help us stay in sync. All the technology we build is open source. This is a full-time remote position and you’re free to work from anywhere. Be advised that most team meetings occur between 8am and 12pm Pacific Time (UTC-8/-7). If you're applying from a location where these hours are outside your usual working hours, you’ll be expected to adapt to our meeting times.

What you will be doing:

    • Be the primary security expert for our entire ecosystem, comprised of Tendermint Core, Cosmos SDK, Cosmos Hub and the IBC Protocols, acting as the point of contact for engineering and security
    • Perform architecture reviews of projects, code reviews and penetration testing against products prior to shipping, as well as maintain the organization’s awareness of potential and/or emerging threats
    • Automate the code security review process
    • Support engineering implementation of security fixes, ensuring security tools and software are used correctly, as well as being proactive to secure our architecture
    • Research and evaluate new technologies that may improve our processes or code bases
    • Create threat models for all of our products
    • Educate and train product teams on security topics and skills to extend AppSec’s reach by deputizing product teams to help themselves
    • Work with external auditors to conduct code audits as well as with outside vendors as appropriate for items such as scanning, incident response and penetration assessments
    • Lead by example and contribute to a team culture that values quality, robustness, and scalability while fostering innovation
    • Run bug bounty programs and respond to overall security questions and concerns from the community, as well as document and communicate findings
    • Oversee the incident response process

We're looking for someone who has:

    • At least 8 years of software development experience in an agile environment (ideally with open source contributions). Golang experience preferred
    • Deep understanding and experience with Cryptography
    • Significant experience with Vulnerability Management and Penetration Assessments
    • Strong experience in Application security, or developing applications with significant security requirements
    • Extensive experience in Linux-based operating systems
    • Thorough understanding of the current threat and attack landscape, latest security trends and principles
    • Expertise with web protocols such as HTTP(S), TCP/IP, TLS as well as with securing web-related technologies (Web applications, Web Services, APIs, Service Oriented Architectures)
    • Excellent communication skills and ability to document and explain technical details clearly and concisely to technical and non-technical audiences
    • The ability to take ownership and see initiatives through
    • Experience with blockchain-related technologies is strongly preferred

Nice to have:

    • Knowledge of fault-tolerant consensus protocols like PBFT or Raft
    • Experience with IBC
    • Familiarity with open source P2P networking protocols like BitTorrent, DHTs, etc.
    • Experience managing “bazaar-style” open source projects
    • Experience working with distributed teams

What we offer:

    • The opportunity to be part of building the future of the Internet
    • Flexible work schedule
    • Excellent benefits like educational budget, fitness and wellbeing spend
    • At least 4 weeks of paid vacation
    • Competitive salary package, including equity