Block.one is a software publisher specializing in high performance blockchain technologies. Its first project, EOSIO, an open-source blockchain protocol designed to enable secure data transfer and high-performance decentralized applications, has received global recognition as the first performant blockchain platform for…
We are looking for a passionate Information Security engineer to join our team in Blacksburg, VA
As Block.one security engineer, you will cooperate with Dev, QA, DevOps and TechOps to ensure that our solutions and products are designed and implemented to the highest security standards.
You will perform technical security assessments, code reviews and vulnerability testing to proactively build effective methods to enhance our overall security posture. You will also oversee the EOSIO bug bounty program.
- Provide security guidance on a constant stream of new products and technologies
- Conduct regular technical security assessments, code audits and design reviews
- Analyze, assess, and respond to various information security threats
- Develop technical solutions to help mitigate security vulnerabilities
- Oversee the EOSIO bug bounty program (https://hackerone.com/eosio)
- Analyze bug bounty data to identify vulnerability patterns and trends, and research/recommend technical solutions
- 6 years of experience in application-level vulnerability testing (e.g Cross Site Scripting, SQL Injection, LDAP Injection, Cross Site Request Forgery, Insecure Cryptographic Storage, etc) and code-level security auditing
- Strong proficiency in C++, with solid knowledge of language specification and solid understanding of Boost and Lambdas
- Knowledge of the various cybersecurity frameworks and related industry-leading practices such as NIST, FFIEC, and OWASP
- Formal background in cryptographic protocols and best practices, including knowledge of symmetric and asymmetric protocols, hashing, key exchange, and certificate management
- Familiarity with CVEs and ability to communicate their meaning to the engineering team by translating them into actionable actions
- Contributions to the security community (public research, presentations, blogging, etc)
- Experience of writing native modules for high-level languages (node.js, wasm,etc.)
- Experience with Amazon Web Services and Google Cloud Platform
- Experience with vulnerability analysis, software compliance standards (e.g., FedRAMP, SOC2, FIPS, DISA STIG)
- Experience with Docker/Kubernetes
- GIAC certifications and/or other security-based credential (CISSP CSSLP, SSCP, CCSP and CAP)
About Block.one LLC
Block.one LLC is a creator of Decentralized Autonomous Corporations (DACs), a concept introduced by CTO Daniel Larimer in 2014 that empowers open source communities to disrupt existing centralized business models. Currently we, along with others globally, are developing EOSIO, a revolutionary open-source decentralized blockchain infrastructure that will be used worldwide as the basis for developing countless high-throughput blockchain applications. We are looking for extraordinary technology professionals to join the Block.one LLC team in our continuing quest to enhance, refine and scale EOSIO for our rapidly expanding developer community.
Published by Block.one, EOSIO is a blockchain protocol that enables horizontal scaling of decentralized applications, allowing developers to efficiently create high performance distributed applications. The EOSIO software provides accounts, authentication, databases, and the scheduling of applications across multiple CPU cores and/or clusters. This allows for horizontal scalability, replaces user fees with an ownership model, and powers simple deployment of decentralized applications. Check out the EOSIO GitHub repository to read our source code and, for more information, visit the resources section of the EOSIO website.