Senior Offensive Security Engineer

About

Are you ready to challenge your limits and help shape the future? At Coinbase, our mission is to enhance economic freedom globally, and we want you to be a part of this transformative journey. We seek an exceptional candidate who is passionate about our mission and believes in the potential of crypto and blockchain technology to revolutionize finance.

We are ideally looking for someone who thrives under pressure and relishes the challenge of addressing complex problems. Our work culture is intense, fostering excellence among colleagues who push each other to grow. While many roles at Coinbase support remote work, we emphasize in-person participation, hosting multiple team and company-wide offsites each year to enhance collaboration and connection.

The Application Security team is looking to hire a Senior Offensive Security Engineer with a focus on Offensive Security. You will be joining a talented team to assess and secure the digital security of physical environments. If you have a strong technical background and are eager to contribute, we want to hear from you!

What you'll be doing

• Assess the digital security of physical spaces such as labs and offices, especially in IoT, IoT automation, and prosumer networking environments.
• Conduct thorough penetration tests on networked devices, including hardware, firmware, and integrations.
• Identify and exploit vulnerabilities within ecosystems, followed by producing detailed reports and remediation recommendations.
• Collaborate with security and development teams to embed security practices throughout the device lifecycle.
• Stay up-to-date with the most current security threats, vulnerabilities, and industry best practices for physical space security.
• Present findings and recommendations to both technical and non-technical audiences, including executive leadership.

What we look for in you

• An active, current, or recently expired security clearance.
• A minimum of 2 years of experience working with C-Suite executives at S&P 500 organizations.
• Demonstrated penetration testing proficiency across diverse threat actors, from common criminals to sophisticated APTs and nation-state threats.
• Expertise in penetration testing the digital security of physical environments, including building management systems (BMS), access control systems (PACS), IoT/home automation devices, and wireless protocols (LoRaWAN, Bluetooth, Zigbee, etc.).
• Extensive experience collaborating with executives in large organizations.
• Strong foundation in networking protocols, security frameworks, and best practices in building security.
• Proficient in various penetration testing tools and methodologies.
• Excellent communication and report-writing capabilities.
• Willingness to travel occasionally based on business needs.

Nice to have

• Experience in security competitions (CTFs), Bug Bounty programs, open-source security research, and CVE analysis.
• Knowledge of Web3 security, network security, or cloud security.
• Experience in developing and implementing security tools for penetration testing and AI penetration testing activities.
• Background in penetration testing AI systems and large language models (LLMs).

Pay Transparency

Depending on your work location, the expected annual base salary for this role ranges from $186,065 to $218,900 USD. Full-time offers also include bonus eligibility, equity eligibility, and benefits (including medical, dental, vision, and 401(k)).

Application and equal opportunity

Candidates may submit a maximum of four applications within any 30-day period. We encourage you to align your skills and interests with Coinbase's roles before applying. Coinbase is an Equal Opportunity Employer and considers all qualified applicants without regard to race, color, religion, gender, national origin, age, disability, veteran status, or any other basis protected by applicable law.

If you require reasonable accommodations due to a disability during any part of the employment process, please contact us. This will ensure your request is addressed appropriately.

Location

Please note that we are seeking candidates willing to participate in in-person meetings throughout the year at our designated work address.