Security Engineer
Role in brief
Offchain Labs is hiring a Security Engineer to build and maintain secure cloud infrastructure, automate security processes, and contribute to their information security program. This role suits a mid-level professional with strong AWS and Kubernetes experience who can translate technical security details into actionable recommendations.
About the role
This role focuses on designing and implementing secure cloud architectures, specifically within AWS, and establishing secure CI/CD pipelines. A key part of the work involves automating security controls to streamline processes and training developers on best practices to embed security throughout the development lifecycle.
The Security Engineer will actively contribute to the company's overall information security program. This includes developing and refining security policies, standards, and procedures, as well as participating in security awareness initiatives. Success in this position means consistently integrating security into new and existing systems and fostering a security-conscious culture.
A significant aspect of the job involves proactive security measures such as conducting security design reviews, performing threat modeling to identify potential vulnerabilities, and executing various forms of security testing. The ideal candidate will ensure that systems are robust against threats and that security is considered from the initial design phase.
The annual salary for this position ranges from $95,000 to $125,000, in addition to bonuses.
Skills that matter here
- AWS: This role requires expert knowledge of AWS to design and implement secure cloud architectures.
- Kubernetes: Expertise in Kubernetes is necessary for securing containerized environments and related infrastructure.
- security frameworks: A deep understanding of frameworks like SOC2, ISO 27001, and NIST CSF is needed for program development and compliance.
- threat modeling: Threat modeling is a core responsibility to identify and mitigate potential security risks in systems.
- security testing: This role involves conducting various forms of security testing to validate system defenses.
Who this role suits
- You have at least five years of experience specifically in security engineering.
- You are adept at explaining complex technical security concepts in a way that helps others understand risks.
- You are comfortable working in a fully remote, globally distributed team environment.
- You are proactive in identifying and addressing security vulnerabilities throughout the development lifecycle.
From the employer
- Design and implement secure cloud architectures (AWS) and CI/CD pipelines
- Automate security controls and train developers
- Participate in the development of the information security program (policies, standards, procedures, awareness)
- Conduct security design reviews, threat modeling, security testing
- 5+ years of experience in security engineering
- Expert knowledge of AWS, Kubernetes, secret management tools (Vault, KMS)
- Deep understanding of security frameworks (SOC2, ISO 27001, NIST CSF)
- Experience in threat modeling, security testing
- Excellent communication skills (ability to translate complex technical details into risk-oriented recommendations)
- Fully remote, global team
- Professional reimbursement (conferences, certifications)
- Medical insurance, 401k (for US employees), wellness stipend
- Home office equipment and expense reimbursement
- Annual team offsites
Questions about this role
What is the remote work policy for this role?
This is a fully remote position, and the team operates globally.
What is the seniority level for this position?
This is a middle-seniority role.
What skills are required for this Security Engineer position?
Required skills include expert knowledge of AWS, Kubernetes, secret management tools, a deep understanding of security frameworks, and experience with threat modeling and security testing.