GBBC Member Careers

Application Security Engineer

Chainalysis

Chainalysis

United States · New York, NY, USA · Remote
Posted on Friday, May 19, 2023

Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

As an Application Security Engineer at Chainalysis, you'll be at the forefront of blockchain technology security. Your work will ensure the security and integrity of our innovative solutions, paving the way for the future of the blockchain industry. While a background in Software Development, DevOps, or Cloud Infrastructure helps, what truly matters is your understanding of cloud security best practices and application security principles. We value a diverse range of skills and perspectives, and we encourage individuals with a strong passion for security to apply.

What You'll Do:

  • Actively seek out, assess, and manage security threats in our cloud and application landscapes, orchestrating effective remediation processes.
  • Collaborate with our development, operations, and security teams, integrating secure practices into our CI/CD pipelines.
  • Manage state-of-the-art application security tools, such as JFrog Xray, SonarCloud, and Burp Suite, aligning their capabilities with our unique security needs and standards.
  • Execute thorough security assessments and penetration tests on applications and systems, proactively tackling vulnerabilities.
  • As part of a team, conduct security reviews of our new products, features, and solutions by deep-diving into code, reviewing security architectures, and running advanced security testing to ensure our innovations are secure from the ground up.
  • Craft and uphold security policies, procedures, and standards, ensuring compliance with the relevant regulatory and industry requirements.
  • Support the internal use of security tools and swiftly respond to security-related queries and concerns raised on Jira.

A background like this helps:

  • Proficient knowledge of OWASP Top 10 vulnerabilities and mitigation techniques
  • Command over web application security frameworks and tools such as Burp Suite, Nmap, Metasploit, to protect our systems from the most sophisticated threats
  • Hands-on experience with security testing tools like Sonarcloud, Jfrog, Burp, (or others), and can weave them seamlessly into our CI/CD pipelines for comprehensive security checks.
  • DevOps experience will be extremely helpful in bridging the gap between software development, operations, and security.
  • Knowledge of secure coding practices in Python, Java, or Javascript, with a knack for weaving security into our Agile and DevOps methodologies.
  • Prior experience in conducting security reviews of new products and features, including code inspection and advanced security testing, to ensure all our innovations are secure from inception.

To provide greater transparency to candidates, we share base salary ranges for all United States based job listings. We set standard base salary ranges for all roles based on function, level, and location, benchmarked against technology companies. Individual pay decisions are based on a number of factors, including qualifications for the role, relevant work experience, skillset, internal equity, and other factors, consistent with applicable law.

The salary range for this position is dependent on where you live within the United States. Chainalysis maintains two pay zones: Zone 1 includes team members in the New York City metro area and team members in the San Francisco Bay Area. Zone 2 encompasses all other parts of the United States. The salary ranges are:

Zone 1 $145,000 - $190,000 - $230,000

Zone 2 $127,500 - $165,000 - $203,000

Base salary is just one part of our total rewards package which additionally includes equity, performance bonus or commissions for eligible roles, and competitive benefits

#LI-BD1 #LI-Remote

At Chainalysis, we help government agencies, cryptocurrency businesses, and financial institutions track and investigate illicit activity on the blockchain, allowing them to engage confidently with cryptocurrency. We take care of our people with great benefits, professional development opportunities, and fun.

You belong here.

At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Harvey Milk Day, World Humanitarian Day, and UN International Migrants Day, and a commitment to continue revisiting and reevaluating our diversity culture.

We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. Additionally, if you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here. We can’t wait to meet you.

Applying from the EU? Please review our Chainalysis Applicant Privacy Policy.

By submitting this application, I consent to and authorize Chainalysis to contact my former employers, and any and all other persons and organizations for information bearing upon my qualifications for employment. I further authorize the listed employers, schools and personal references to give Chainalysis (without further notice to me) any and all information about my previous employment and education, along with other pertinent information they may have, and hereby waive any actions which I may have against either party(ies) for providing a reference. I understand any future employment will be contingent on the Company receiving satisfactory employment references.