As stewards of the Polkadot and Substrate ecosystem, Parity is laying the foundation for a better web which respects the freedom and data of individuals and empowers developers to create better services through decentralised technology. The internet is too important to billions of people for it to be at the mercy of a few powerful companies.
With a remote-first, global team of 340+ people, Parity is building open-source technologies for developers and organisations to implement and build upon. Our Web3 tech stack includes Polkadot, Substrate, and Kusama.
We believe in a decentralised web that respects the freedom and data of individuals and empowers developers to create better services. Our vision is to create a world based on truthful, rather than trustful, interactions. Our mission is to make Polkadot the most active and innovative community in blockchain.
About the team:
The Application Security (AppSec) department plays a critical role at the heart of our security processes. Our primary mission lies in protecting and assuring our blockchain and products, bolstering their resilience against potential cyber threats. We operate behind the scenes, collaborating closely with various engineering teams on our AppSec aspects to ensure the smooth functioning of the company.
About the position:
We are seeking an innovative and accomplished Rust AppSec Engineer to join the Parity Security team. You will take a critical role in upholding the security of Parity Technologies products.
You will influence the technical architecture of new and existing products, ensuring that security is a keystone in their designs. You would be the owner of Application security of products through and threat modelling, and contributing towards internal tooling and integration to ensure that security is baked into the software development lifecycle. Engineers will come to you as a trusted source of guidance for the secure development and maintenance of their products. Your insight will be consulted for strategic, practical and technical decisions, to guarantee that security is not an afterthought in our technical roadmap. You will also:
- Work with other application security engineers on technical development of projects in Rust. Contributing to the main public open-source projects shaping the future of the ecosystem.
- Provide technical expertise and guidance for developers around the secure development of their products.
- Perform assessments of products, such as security code review, security fuzzing, partnership with external security audit suppliers and/or white hat, or services that are being tested but are not yet in production.
- Sympathise with the goals trying to be achieved by other teams; help to push solutions out securely rather than just blocking solutions outright. We're here to work with others getting their products out in a manner that's secure for our ecosystem, not to just reject solutions without context.
About you:
As a Rust AppSec Engineer you will have:
- Solid experience with Rust, this is a must.
- Proficiency in managing third-party security code reviews and actioning findings.
- Adequate collaboration skills with engineering teams in code review resolutions.
- Demonstrated success in aligning stakeholders in code review findings.
- Proven capability in building strong partnerships with engineers.
- Exposure to cryptography, decentralised networking, hardware key management solutions. Basics at least, we want you to be motivated to learn more.
- A wide array of security tools and approaches: this is very much a hands-on role so you should be experienced in setting up SAST, DAST, fuzzing, property-based testing, symbolic execution, network simulation tools and such.
- Experience using common penetration testing tools
- Proficient in composing detailed technical reports and adept at conveying complex technical concepts to non-technical audiences in an understandable manner.
- A self-starter attitude: most of the time there would be little guidance on which areas to work on first and what to improve there. You’re expected to determine that yourself, keeping company-wide goals in mind, and drive those initiatives to completion.
If possible, we'd also love you to have:
- A risk-based, solution-oriented approach to resolving security issues.
- Experience in threat modelling, working with best in class independent security teams and turning their findings into actual deployed fixes in our codebase;
- Relevant security certifications are a plus, but not required (OSCP, OSCE, GPEN, GWAPT, LPT)
- Ideally prior work experience in blockchain/cryptocurrency fields.
- A background in open-source software development.
- Passionate about Web 3.0 and what it represents for the future.
About working for us:
- Competitive remuneration packages based on iterative market research, including tokens (where legally possible)
- “Future of work” environment that’s remote-first and self-initiating with flexible hours
- Team mates that are genuinely excited about their impact and projects
- Access to the brightest minds in this space to learn about Web3 and develop your skills and knowledge while on the job
- Becoming part of the wider ecosystem (career and networking opportunities)
- Team and company-wide retreats
- Work laptop and equipment
- Opportunity to relocate to United Kingdom, Germany or Portugal (with visa sponsorship)
Those joining our collective as an employee in Germany, Portugal, and the U.K. also enjoy benefits such as health care, parental leave, PTO (28 days per year), local team events, yearly L&D budget, and language classes.