Product Security Manager, Assessments
Location: San Francisco
Posted on: June 8, 2020
Coinbase has built the world's leading
compliant cryptocurrency platform serving over 30 million accounts
in more than 100 countries. With multiple successful products, and
our vocal advocacy for blockchain technology, we have played a
major part in mainstream awareness and adoption of cryptocurrency.
We are proud to offer an entire suite of products that are helping
build the cryptoeconomy, and increase economic freedom around the
There are a few things we look for across all hires we make at
Coinbase, regardless of role or team. First, we assess whether a
candidate demonstrates our values: Clear Communication, Positive
Energy, Efficient Execution, and Continuous Learning. Second, we
look for signals that a candidate will thrive in a culture like
ours, where we default to trust, embrace feedback, disrupt
ourselves, and expect sustained high performance because we play as
a championship team. Finally, we seek people with the desire and
capacity to build and share expertise in the frontier technologies
of crypto and blockchain, in whatever way is most relevant to their
Read more about our values and culture here.
Security is a primary competency at Coinbase, and the Product
Security team ensures our technology maintains the high bar that
has earned us the trust of millions of users who combined are
buying, selling and storing billions of dollars worth of digital
assets in our products. We measure ourselves by the impact of the
work we do, striving to efficiently drive down technical risk at
Coinbase. The nature of the digital assets we custody means our work
is focused entirely on prevention, and we fully embrace
'shifting left.' We're looking for kindred souls who believe
security is collaborative and prevention is the only scalable
security solution. Our developer team moves quickly, and we keep
What you'll be doing (i.e. job duties):
- We're looking to you to build our first Penetration
Testing Program. As Coinbase has grown, our Product Security
function has developed organically. We've dabbled in Penetration
Testing and Security Assessment as tools in our work to drive
secure software development, but we have not spent focused time
diving into the nooks and crannies of our environment. This program
will serve to uncover issues we missed earlier in the Security
lifecycle and seek to keep driving up our Security bar.
- Any team is only as strong as the members it's composed of.
Your primary concern will be the growth, development and health of
the team. You'll nurture the team, mentor them and unblock them.
You'll help your teammates find work they enjoy, and find ways to
get through the work they don't. We'll ask you to hire more people
to your team, so you'll need to identify what skills and
personalities you need to get the job done.
- Finally, we're looking for someone who will be accountable for
the operations of the team. You'll work with your leadership to
develop goals and metrics, and then we expect you to hold yourself
accountable to them. Your quality bar defines the quality of the
team, and we're expecting yours to be high. From timelines to
reviews, you'll work to make sure the Security Assessments team
runs smoothly. We'll also ask you to coordinate external
penetration testing engagements as we need them.
- Given we initially expect this team to be small, we want you to
spend some time poking around our systems as well. We suspect 40%
or so of your time will be focused on Penetration Testing or
Security Assessment tasks directly.
What we look for in you (i.e. job requirements):
- We're looking for progressive experience in successful
application security teams, with additional credit given to those
who have built and run those teams for a reasonable timeframe (2+
years of manager experience). We want you to bring your learnings
and your failures to our program.
- We want you to have Penetration Testing-specific experience.
We're looking for 1+ years devoted to Penetration Testing within
the last 4 years. We want you to have recently spent focused time
on Offensive Security and vulnerability hunting.
- We're expecting you to have either an application security or
engineering background (2-3 years of application security or
security engineering experience). You'll be providing support and
mentorship for application security engineers, so you'll need to
have enough experience in the field to guide them as they grow.
From time to time, you may take on a review project for yourself to
keep your skills relevant.
- As the manager of this team, you'll spend a significant amount
of time communicating to your team, to your peers, and across the
company. We look for people who are clear, direct, and kind in
their communications. We're expecting you to have built this skill
in your career, and we'll be testing for it in each step of the
Nice to haves:
- If you worked in a high security and/or highly regulated
industry, we would love to have you extract the essentials of what
you've learned and apply them to the unique challenges Coinbase
faces in Digital Assets.
- If you have extensive experience securing large Rails, NodeJS,
and Golang codebases, we can immediately start applying what you've
learned to the code we are asked to secure. Even better if you've
spent time training others on how to secure those
- If you're fluent in Digital Assets, you'll have less to learn
about the fundamentals of our business, but we do not immediately
decline candidates who are not totally fluent.
Coinbase is committed to diversity in its workforce and is proud to
be an equal opportunity employer and to review all of our job
postings to minimize biased language. Coinbase does not make hiring
or employment decisions on the basis of race, color, religion,
creed, gender, national origin, age, disability, veteran status,
marital status, pregnancy, sex, gender expression or identity,
sexual orientation, citizenship, or any other basis protected by
applicable local, state or federal law. Coinbase will also consider
for employment qualified applicants with arrest and conviction
records in a manner consistent with San Francisco's Fair Chance
Ordinance and similar local laws.
Global Data Privacy Notice for Job Candidates and Applicants
Depending on your location, the General Data Protection Regulation
(GDPR) and California Consumer Privacy Act (CCPA) may regulate the
way we manage the data of job applicants. Our full notice outlining
how your data will be processed as part of the application
procedure for application locations is available here: Ireland/EU,
United Kingdom, and California. By submitting your application, you
are agreeing to our use and processing of your data as