Senior Application Security Engineer

TRM Labs
Summary
Join TRM Labs, a blockchain intelligence company, as an Application Security Engineer. Lead application security reviews and threat modeling, develop automated testing, and manage application security vulnerabilities. Coordinate penetration testing, support software engineers, and develop and maintain the bug bounty program. Bootstrap platform security initiatives and inspire a culture of security across the engineering organization. This role requires a minimum of 8 years of software development and testing experience, a BS in a related field, and proficiency in various programming languages. Strong understanding of security protocols and experience with security tools and methodologies are essential. The company offers generous benefits, including PTO, holidays, and parental leave.
Requirements
- Minimum 8 years of experience in Software Development and testing
- BS (or equivalent) in Computer Science, Computer Engineering, or related field
- Proficiency in software development languages: Python, NodeJS, React
- Strong understanding of encryption, authentication, and authorization protocols
- Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies, and using common security tooling for testing
- Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS. Experience with modern secure software development lifecycles, threat modeling, and best practices
- Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis
- Experience triaging and remediating vulnerabilities in software packages or libraries
- Experience with software security tools such as GitHub Advanced Security or other SAST, DAST, and SCA tools
- Experience with web application testing frameworks such as Burp Suite, OWASP ZAP, etc.
- Experience with threat modeling tools such as OWASP Threat Dragon, etc.
- Prior experience in an agile-based software development role is required
- Experience Red Teaming or penetration testing applications and infrastructure
- Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices
- Strong written and verbal communication skills
Responsibilities
- Lead application security reviews and threat modeling, including secure code review, architectural design, and testing
- Develop automated testing and mature our Secure SDLC
- Own and perform application security vulnerability management
- Coordinate penetration testing engagements
- Support software engineers and product teams by developing application security best practices
- Develop and maintain the bug bounty program
- Bootstrap platform security initiatives that help protect TRM data
- Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training
Preferred Qualifications
- Security certifications such as OSCP, CEH, GWAPT are a plus
- Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus
Benefits
- PTO
- Holidays
- Parental Leave
- Remote work