Application Security Engineer
Swan is the leading education focused Bitcoin-only onramp for retail customers, high net worth individuals and corporations looking to save in Bitcoin for the long term. We hire passionate Bitcoiners who want to work with a self-motivated and fully distributed startup team.
Swan is looking for Bitcoiners who are security minded builders and breakers! If you geek out on everything security related and like working with a passionate team of Bitcoiners that only care about doing what’s right for Bitcoin, you’ll be at home here.
As a member of our Security Engineering team, you will be working on application code that directly impacts internal and user security ranging from authentication and authorization flows, to integrating with vendors and open source products to detect and respond to threats.
You will be building strong working relationships across the organization with a focus on raising the security bar with our product and engineering team, helping model Swan’s attack surface and turn detections into preventions.
Skills and experience that will help you succeed:
- Mid to senior level expertise in web/api development. We mostly use Node.js but any relevant experience will work!
- Strong understanding of security assurance methodologies and technologies, such as secure coding standards, static and dynamic security testing, threat modeling, and secure software development lifecycles.
- Familiarity with secure by default and zero trust models.
- Passion for helping Bitcoin reach more people through simplifying and improving security models around custody and storage.
- Strong experience evaluating application security, threat modeling and identifying areas of risk.
- Cloud experience, especially AWS, a major plus.
Some things you will do day to day:
- Build user facing and internal software products to aid in securing Swan customers and employees.
- Discover and investigate potential security issues in Swan products.
- Train developers on security best practices and implementation.
- Aid in code reviews, focused on security bug reduction.
- Collaborate with architects, engineers, and other security practitioners to assess core applications.
- Review and verify reported vulnerabilities, perform root cause analysis, and partner with developers to drive corrections.
- Form a strong relationship with developer teams and serve as point of contact and security SME for questions arising around secure development.
Here's a bit about our culture:
- We’re a growing team: Fully distributed across the world, Slack and video conferencing are huge here.
- We’re very flat: Leadership is desired and encouraged; we hire people who care about the product they are working on.
- We’re Bitcoiners: We find solutions that encourage Bitcoin principles. Many of us pull double duty alongside our main job, producing content for Bitcoin newsletters, podcasts, social audio platforms, and YouTube shows, and spend some of the day on Twitter educating the masses. We love Bitcoin, and it comes through in our daily chats, meetings, and actions.
Join us, become a Swan!