Overview

Status is building the tools and infrastructure for the advancement of a secure, private, and open web3.

With the high level goals of preserving the right to privacy, mitigating the risk of censorship, and promoting economic trade in a transparent, open manner, Status is building a community where anyone is welcome to join and contribute.

As an organization, Status seeks to push the web3 ecosystem forward through research, creation of developer tools, and support of the open source community.

As a product, Status is an open source, Ethereum-based app that gives users the power to chat, transact, and access a revolutionary world of DApps on the decentralized web. But Status is also building foundational infrastructure for the whole Ethereum ecosystem, including the Nimbus ETH 1.0 and 2.0 clients, the Keycard hardware wallet, and the Waku messaging protocol (a continuation of Whisper).

As a team, Status has been completely distributed since inception.  Our team is currently 150+ core contributors strong, and welcomes a growing number of community members from all walks of life, scattered all around the globe.

We care deeply about open source, and our organizational structure has minimal hierarchy and no fixed work hours. We believe in working with a high degree of autonomy while supporting the organization’s priorities.

The role

The role of the Application Security Specialist will be to to establish a comprehensive Secure Software Development program, whose objective will be to integrate security at each stage of the software development life cycle (SDLC), according to the organization’s needs. That includes main areas such as Security Assessment and Testing, Security Automation & Secure Coding practices and standards.

Expectations over the first 6 months

  • Evaluate the security posture in the current software development process.
  • Identify risks.
  • Determine required security controls and best practices
  • Implement static code analysis in a critical application (pilot)
  • Run static analysis on applications and projects according to the program.
  • Drive remediation of security flaws and vulnerabilities in code.
  • Consolidate guidelines and best practices for secure coding.
  • Update bug bounty program policy and scope

Responsibilities:

  • Perform security assessments and penetration testing of web/mobile applications to identify vulnerabilities and potential risks.
  • Collaborate with development teams to integrate security controls and best practices throughout the SDLC.
  • Perform code reviews and provide guidance on secure coding practices to development teams.
  • Implement automated security testing within CI/CD pipelines.
  • Investigate and drive remediation of security vulnerabilities, configuration issues, and flaws in code.
  • Manage our bug bounty program.
  • Stay updated with the latest security threats, vulnerabilities, and industry best practices to proactively address emerging risks.
  • Assist in incident response activities, including investigating and remediating security incidents and breaches.
  • Develop and implement security policies, procedures, and best practices to protect applications and sensitive data.

Ideally you will have

  • Solid understanding of application security principles.
  • Experience conducting security assessments and tests
  • A passion for blockchain technology
  • Previous experience working in a remote and asynchronous scheme.

Bonus points if you have

  • Experience with cloud security.
  • Knowledge of secure API development and authentication protocols (OAuth, JWT, OIDC, SAML).
  • Experience working for an open source organization.
  • Experience working for Decentralized Autonomous Organization (DAO).

Hiring process

  1. Interview with our People-Ops team (Angel)
  2. Technical Interview with our Security team (Emilio and Mario)
  3. Interview with our Security Lead (Mario)

Compensation

We are happy to pay in any mix of fiat/crypto.