Security Engineer

OP Labs contributes to the Optimism protocol, an extension to Ethereum that scales both its technology and values. Optimism enables orders of magnitude of improved performance and scalability to Ethereum while doubling down on its commitment to public goods.

As a Security Engineer you will protect the OP Stack by proactively identifying vulnerabilities and threats through rigorous security assessments, threat modeling, design reviews, and code reviews. You'll collaborate closely with engineers across our stack to embed security best practices into every phase of development, from initial design through deployment and operations. By building and maintaining effective security tools, processes, and procedures, you'll improve our security posture to help safely and swiftly ship code. You will own our multisig security policy, and will contribute to our detection and response efforts by developing monitoring strategies, runbooks, and leading incident response drills.

We are an engineering company with an engineering culture and take security seriously. In this role you’ll have the support of the team and be empowered to do your best work.

What are the role responsibilities?

• Perform comprehensive security assessments, audits, threat modeling, and read teaming on various parts of the stack.

• Develop secure coding standards, guidelines, and policies to ensure best practices are consistently followed.

• Build and lead detection and response capabilities, including monitor development and deployments, runbooks, and incident response workflows.

• Design and maintain secure multisig operational processes, including signer selection, access controls, and key management procedures.

• Be a security leader. Educate and mentor engineers on security practices, fostering a culture of security across the organization.

What skills do you bring?

• Expertise in identifying, understanding, and mitigating security vulnerabilities through threat modeling, security assessments, security reviews, audits, and red teaming.

• Experience building and operating detection and response capabilities, including monitoring, alerting, and incident handling.

• Familiarity with best practices for operational security of multisigs, including signer management, access controls, and secure workflows.

• Experience shipping safety-critical code in a fast-paced environment.

• High agency. You will help identify gaps to determine security priorities, and proactively drive initiatives to address them across the organization.

• Exceptional analytical, problem-solving, and communication skills, with the ability to clearly articulate security risks and solutions.

What will you like about us?

• We take care of our employees. Competitive compensation, fully paid medical, dental, and vision, and a 4% 401K match—learn more about our benefits, culture, and all recruiting FAQ here.

• We take pride in the accomplishments of our teammates and support each other in doing the best work of our careers.

• Our team is a diverse group of people from varied backgrounds. We cherish our eclecticism and consider it a great strength.

• We’re fully remote, deeply engaged, highly skilled, and like to have fun.

• We think long-term. Our founders have been scaling Ethereum since 2015.