Coinbase is on a mission to increase economic freedom in the world, and they are seeking a Senior Offensive Security Engineer to enhance their digital security. The role involves conducting penetration tests, assessing vulnerabilities, and collaborating with teams to integrate security best practices.
Responsibilities:
- Assess the digital security of physical spaces (e.g., labs, offices), including expertise in IOT/IOT automation and prosumer networking gear
- Conduct comprehensive penetration tests on networked devices, including hardware, firmware, and integrations
- Identify and exploit vulnerabilities in ecosystems, providing detailed reports and recommendations for remediation
- Collaborate with security and development teams to integrate security best practices throughout the device lifecycle
- Stay current with the latest security threats, vulnerabilities, and industry best practices for securing physical spaces
- Present findings and recommendations to technical and non-technical stakeholders, including executive leadership
Requirements:
- Active, current, or recently expired security clearance
- 2+ years of experience working with C-Suite at S&P 500 organizations
- Proven penetration testing expertise across the full threat spectrum, from common criminal actors up to highly sophisticated, resource-rich Advanced Persistent Threats (APTs) and nation-state actors
- Proven expertise in penetration testing the full digital security of physical spaces, including building management systems (BMS), physical access control systems (PACS), IoT/home automation devices, wireless protocols (LoRaWAN, Bluetooth, Zigbee, etc) and networked security infrastructure (e.g., IP cameras and alarms)
- Extensive experience working with executives at large, complex organizations
- Strong understanding of networking protocols and architectures, security frameworks, and building security best practices
- Proficiency in various penetration testing tools and methodologies
- Excellent communication and report-writing skills
- Ability to travel occasionally, based on business needs
- Participation in computer security competitions (CTFs), Bug Bounty programs, open source security research, CVE analysis
- Experience in Web3 security, network security and/or cloud security
- Experience with developing and implementing security tooling to support penetration testing and AI penetration testing activities
- Experience pentesting AI systems and LLMs