MetaMask has experienced explosive user growth over the past year as a cryptographic key manager and web3 application development platform. As this user base continues to grow, an immense amount of trust is being placed in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible.

We are looking for an Application Security Engineer who will work closely with development teams and product managers to ensure MetaMask products are designed and implemented to the highest security standards.

To apply for this position, you must have:

  • 2+ years of work experience in an enterprise engineering domain
  • Excellent problem-solving skills and sharp attention to detail.
  • Solid written and verbal communication skills.
  • Familiarity with the Ethereum blockchain and Decentralized Applications.
  • Proficient in JavaScript & Typescript.
  • Experience with modern JS frameworks React or React Native.
  • Enthusiasm for shipping high-quality code and helping peers do the same.
  • Proactiveness and be self-driven to be successful working in a remote environment.
  • Understanding of web development practices and terminology.
  • Relevant knowledge of modern web and mobile app security landscape, real-world attacks and mitigations.
  • A belief in our mission and values.

Bonus points:

  • Blockchain expertise.
  • Native mobile development iOS/Android
  • Previous experience working with Application Security Engineering teams.
  • Youโ€™re a MetaMask user!

Role Requirements

As an Application Security engineer, you would contribute in the following areas:

  • Supporting, analyzing & patching security incidents in production web services and mobile applications
  • Write PoCโ€™s to prove vulnerabilities, which will be included in internal and external reports.
  • Review and ensure that patch code meets the standards set by the repository owners and maintainers.
  • Validate that patches actually fix the reported vulnerabilities.
  • Review vulnerability reports drafted by the TPM for accuracy from the engineer perspective.
  • Participate in weekly meetings as necessary.
  • Work with engineers on security-related issues.