Listing Description

Key Summary

We are looking for a software security engineer that can contribute toward the design, implementation and optimization of application security practices within our different software development teams. If you’re passionate about security and open-source development and prefer to be on the makers’ side of things while still nurturing an attacker mindset, this role is ideal for you!

The ideal candidate will help shape a brand new security team and drive trust on the decentralized Internet. They will do this by solving hard security problems in areas like fuzzing, security-focused code review (including dynamic and static analysis), security-focused testing and design review, software supply chain management (SBOM, monitoring, etc.), threat modeling, risk analysis, and risk management.

About the Network Operations team

The Network Operations Team’s mission is to grow adoption and growth of the decentralized Internet by building software infrastructure for implementation of the Filecoin, IPFS, and Drand protocols, and operating them as services that can be consumed in a secure, reliable, and scalable manner. We succeed through teamwork, favoring simplicity over sophistication, and fostering a sense of community.

As an Application Security Engineer at Protocol Labs, you will…

• Identify the areas and components whose security needs improvement. Work with project teams to perform proper threat modelling and determine the measures to be taken.


• Implement CI/CD level fuzzing on core components (mostly in Go and Rust).


• Help us automate and contribute to, or develop, open-source tools to improve our security posture.


• Contribute to internal security reviews and audits of our codebases.


• Identify security gaps and bring new processes or solutions to fix these.


• Be a security advocate within Protocol Labs.

You may be a fit for this role if you have.…

• Have 4 years of experience in software engineering, with a focus on security


• Strong threat modeling skills, demonstrable experience in security engineering


• Software engineering and scripting experience (Go, Python, Rust; bash, semgrep, regexp)


• Security testing skills (static, dynamic and fuzz testing)


• Good understanding of common security flaws and bugs


• Good understanding of the DevOps philosophy and interest in GitOps


• Excellent written and verbal communication skills on both technical and non-technical issues


• A keen awareness of teamwork, process, and patterns of successful collaboration in an async environment.


• A will to challenge the status quo and bring the changes we need.

Bonus points…

• Experience working in a DevOps team


• Experience working with code analysis software


• Experience implementing fuzzing tests


• Experience with supply chain management


• Experience performing security audits, assessment or consulting in application security