Application Security Senior Engineer / Architect
Swan is a leading Bitcoin-only financial services company supporting individuals and companies throughout their Bitcoin journey. We hire passionate Bitcoiners who want to work with a self-motivated and fully distributed startup team.
Swan is growing rapidly and looking to expand our Security Engineering team. We are a team of builders and everyone from the top down codes. We are looking for people who want to own product and ship features end to end with the help of the larger team around them.
We love to hire people with a broad skillset, with expertise in one or more areas. This job requires deep experience in software development in the security realm, but additional expertise in operational security or technical product management is a plus. Our operational folks code and our developers operate.
This role’s title will be based on your seniority, but does require significant development expertise. If you don’t have the years but feel you have the chops, you’re still welcome to apply.
This position reports directly to the CTO and will play a key role for all things related to secure access and identity engineering.
- Deliver end to end working products for security, ranging from authentication flows, to user experience improvements in various security and risk flows
- Work independently with developers, engineers, product owners, and other colleagues to ensure secure design, development, and implementation of applications and services.
- Perform security architecture design reviews of our products
- Perform code analysis of large applications, manually and using SAST and DAST scanning solutions, as well as conducting manual vulnerability analysis
- Help oversee and mentor junior members of the security team. Help oversee our vulnerability program, with daily management from junior employees
- Provide remediation guidance and recommendations to developers and administrators
- Interface with the Customer Success team to discuss and track security feature enhancement requests from our global customers
- Work with Product Development teams to help prioritize and validate the urgency of mitigation of identified product vulnerabilities and security feature enhancement requests
- Work with the larger security team to define and enforce security best practices and standards, and ensure Product Development teams understand them and receive pertinent annual secure coding training
- Review and assist the Security Operations team with efforts such as monitoring, dashboarding, and alerting. Mentor SecOps team with development efforts
- Help create and enforce a strong on call policy in partnership with SecOps
- Assist in interviewing and growing the Security Engineering / AppSec team
- Ensure the team builds architecturally consistent software, of high quality, and follows operational best practices
- Take an active role in Threat Modeling in partnership with SecOps, Infra, and Engineering teams
- Manage internal communications, both written and verbal, in support of large-scale project delivery
- Partner with peer managers within the Secure Access Engineering organization to coordinate cross-functional initiatives
- Identify product gaps relative to industry standards and user experience improvements relating to security, and write and implement proposals to address them
Skills and experience that will help you succeed
- At least 7 years of software development experience, with a heavy focus on security.
- Extensive knowledge and expertise in identity and authentication flows and products. Must be able to write proposals and implement security features involving public/private key encryption, OIDC, and JWT-based authentication.
- Demonstrated capacity and desire for technical leadership in a fast paced startup environment. This is not a people management position first and foremost, but the ideal candidate can be a tech lead for a small team.
- Excellent skills in translating vague requirements and ideas to architecture diagrams and flows for other engineers.
- High throughput and clear written communication and multitasking - we are a remote company with a highly active Slack culture that moves quickly.
- A good Bitcoin story!
Nice to have, but not required
- Ability to ship front-end code in a React environment, though the majority of the work here is intended to be backend oriented.
- Experience with red team, blue team, and incident management. This is the purview of the SecOps team, but you will be working closely with them.
- Experience and aptitude in technical product management, understanding user experience vs security tradeoffs, helping your team manage work.
Here's a bit about our culture
- We’re a growing team: Fully distributed across the world, Slack and Huddles are huge here.
- We’re very flat: Leadership is desired and encouraged; we hire people who care about and use the product they are working on.
- We’re Bitcoiners: We find solutions that encourage Bitcoin principles. We are often involved in the Bitcoin community through writing, podcasts, conferences, open source projects, and time spent on Twitter to help educate the masses. We love Bitcoin, and it comes through in our daily chats, meetings, and actions.
Join us, become a Swan!