hero

A world of opportunity

Discover the next chapter of your career at CoinFund or a CoinFund portfolio company.
69
companies
259
Jobs

Rust AppSec Engineer

Polkadot

Polkadot

Software Engineering
Remote
Posted on Wednesday, December 7, 2022

As stewards of the Polkadot and Substrate ecosystem, Parity is laying the foundation for a better web which respects the freedom and data of individuals and empowers developers to create better services through decentralised technology. The internet is too important to billions of people for it to be at the mercy of a few powerful companies.

With a remote-first, global team of 340+ people, Parity is building open-source technologies for developers and organisations to implement and build upon. Our Web3 tech stack includes Polkadot, Substrate, and Kusama.

We believe in a decentralised web that respects the freedom and data of individuals and empowers developers to create better services. Our vision is to create a world based on truthful, rather than trustful, interactions. Our mission is to make Polkadot the most active and innovative community in blockchain.

About the team:

The Application Security (AppSec) department plays a critical role at the heart of our security processes. Our primary mission lies in protecting and assuring our blockchain and products, bolstering their resilience against potential cyber threats. We operate behind the scenes, collaborating closely with various engineering teams on our AppSec aspects to ensure the smooth functioning of the company.

About the position:

We are seeking an innovative and accomplished Rust AppSec Engineer coming from a software development background to join the Parity Security team. You will take a critical role in upholding the security of Parity Technologies products.

You will influence the technical architecture of new and existing products, ensuring that security is a keystone in their designs. You would be the owner of Application security of products through pentesting and threat modelling, and contributing towards internal tooling and integration to ensure that security is baked into the software development lifecycle. Engineers will come to you as a trusted source of guidance for the secure development and maintenance of their products. Your insight will be consulted for strategic, practical and technical decisions, to guarantee that security is not an afterthought in our technical roadmap. You will also:

  • Work with other application security engineers on technical development of projects in Rust. Contributing to the main public open-source projects shaping the future of the ecosystem.

  • Provide technical expertise and guidance for developers around the secure development of their products. Keep up to date with evolving InfoSec trends, emerging risks, and growing industry-wide technological shifts.

  • Perform assessments of products, such as code review, or services that are being tested but are not yet in production.

  • Sympathise with the goals trying to be achieved by other teams; help to push solutions out securely rather than just blocking solutions outright. We're here to work with others getting their products out in a manner that's secure for our customers, not to just reject solutions without context.

About you:

As a Rust AppSec Engineer you will have:

  • Solid experience in Rust development and Rust Security is a MUST.

  • Proven capability in building strong partnerships with engineers.

  • Exposure to cryptography, decentralised networking, hardware key management solutions. Basics at least, we want you to be motivated to learn more.

  • A wide array of security tools and approaches: you should be leading our way when setting up SAST, DAST, fuzzing, property-based testing, symbolic execution, network simulation tools and such.

  • A self-starter attitude: most of the time there would be little guidance on which areas to work on first and what to improve there. You’re expected to determine that yourself, keeping company-wide goals in mind, and drive those initiatives to completion.

If possible, we'd also love you to have:

  • A risk-based, solution-oriented approach to resolving security issues.

  • Experience in threat modelling, red/blue teaming, working with best in class independent security teams and turning their findings into actual deployed fixes in our codebase;

  • Prior work experience in blockchain/cryptocurrency fields.

  • A background in open-source software development.

  • Passionate about Web 3.0 and what it represents for the future.

About working for us:

  • Competitive remuneration packages based on iterative market research, including tokens (where legally possible)

  • “Future of work” environment that’s remote-first and self-initiating with flexible hours

  • Team mates that are genuinely excited about their impact and projects

  • Access to the brightest minds in this space to learn about Web3 and develop your skills and knowledge while on the job

  • Becoming part of the wider ecosystem (career and networking opportunities)

  • Team and company-wide retreats

  • Work laptop

  • Opportunity to relocate to Germany or Portugal (with visa sponsorship)

Those joining our collective as an employee in Germany, Portugal, and the U.K. also enjoy benefits such as health care, parental leave, PTO (28 days per year), local team events, yearly L&D budget, and language classes.


Parity is an Equal Opportunity Employer. We welcome diversity in our global team and care about everyone in our collective feeling included and welcome.

View our Applicant Notice to see how we use your data.Is this position not quite your match? Browse our other open roles.