Security Researcher

About The RoleWe are looking for a Security Researcher to expand our security team efforts in identifying and countering new threats, improving security awareness for our users, and evaluate security-posture. This role will offer experience in an ever-evolving web3 industry, with ever-evolving security events.You will be responsible for disclosing security research on web3 space vulnerabilities with the MetaMask security team, ConsenSys security team and external stakeholdersWhat you’ll do:

• Identify new methods for improving awareness and countering new threats.
  • Proactively research ways in which bad actors could (and do) cause a threat to our users and products. Although some of the results may be hypothetical, it will be a proactive approach to security for our products.
  • Actively look for threats within the ecosystem, working closely with the threat intelligence team/platforms, to build reports and monitor ongoing security events in the space.
• Code reviews.
  • Evaluate certain pull-requests on JavaScript/Typescript codebases, with a keen eye on secure-code.
  • Report findings and track mitigation process, for both internal and external reports.
• Research security posture on tools used by MetaMask.
  • Working closely with Consensys Security to help analyze new product solutions.
  • Research FOSS tools that are integrated within MetaMask.
  • Identify gaps in existing security and develop tools to close the gap.
• Evaluate security incidents in the Web3 space.
  • Write external-facing reports on exploits in the ecosystem to help educate everyday users and products take a security-first approach.
  • Work with external banners on security post-mortems.

Who we’re looking for:

• Someone who has a passion for open-source and security.
• Someone who is especially familiar with Web3 terminology.
• Someone who has experience with handling cybersecurity-related events.
• Someone who is familiar with past security incidents on Web3 banners (both blockchain-based and web2 based).
• Someone who is a team-player and can work well with cross-team collaboration.
• Someone who has excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.

Bonus points:

• You have a portfolio of write-ups on web2/web3 security.