Security Audit Engineer

Remote

Exodus is looking for a security focused engineer who is passionate about identifying and fixing security vulnerabilities in the JavaScript and crypto ecosystem. Your role will be to ensure the security footprint of the third party dependencies we bring into our wallet are safe for the millions of users of our products to secure and exchange their crypto assets. We are specifically looking for a security focused JavaScript engineer who is excited to work with our existing team to make improvements to tooling around our security audit process and work with the team to audit in-house and third party crypto libraries.

What You Will Do

• Improve wallet security, by ensuring all of the code we ship is trustworthy.
• Increase the security audit capability of our team, thus increasing the overall development velocity for our product.
• Increase the overall maturity level in the Secure Software Development Lifecycle.
• Work with the team to audit third party libraries. A primary focus of this role is auditing code in JavaScript packages for potential security vulnerabilities and malicious code.
• Improve tooling around our security audit process.
• Collaborate with the overall security team to improve security posture throughout the product.

Who You Are

• You have 3+ years of JavaScript experience in addition to 3+ years of JavaScript security experience.
• You can demonstrate proven ability to understand C++ and identify vulnerabilities in the code.
• You have some cryptography experience in your background. 
• Strong written and verbal communication skills are a must.
• You possess excellent security skills. A primary  responsibility is collaborating with our existing security team to contribute to existing audits and audit processes.
• You are driven, have initiative, are well organized, and are able to self-prioritize day-to-day tasks, as determined by team and leadership goals.
• You have the ability to unblock yourself in a largely asynchronous work environment.

Nice to Haves

• Experience with the security intricacies of React + React Native and Electron.JS, as well as the broader NodeJS ecosystem.
• Experience with automated code security analysis tools (Snyk, SonarQube, LGTM/CodeQL, etc).
• The ability to self organize.