Senior Application Security Engineer at TRM Labs

United States

Compensation: Not Specified
Experience Level: Senior (5 to 8 years)
Job Type: Full Time
Visa: Unknown
Industries: Blockchain, Cybersecurity

Requirements

  • Minimum 8 years of experience in Software Development and testing
  • BS (or equivalent) in Computer Science, Computer Engineering, or related field
  • Proficiency in software development languages: Python, NodeJS, React
  • Strong understanding of encryption, authentication, and authorization protocols
  • Deep experience with common software flaws (e.g., OWASP and CWE), testing methodologies, and using common security tooling for testing
  • Professional experience with open source, commercial, or native security solutions for cloud providers such as GCP and AWS
  • Experience with modern secure software development lifecycles, threat modeling, and best practices
  • Experience with conducting efficient and comprehensive code security reviews on a daily or weekly basis
  • Experience triaging and remediating vulnerabilities in software packages or libraries
  • Experience with software security tools such as GitHub Advanced Security or other SAST, DAST, and SCA tools
  • Experience with web application testing frameworks such as Burp Suite, OWASP ZAP, etc.
  • Experience with Threat modeling tools such as OWASP Threat Dragon, etc
  • Experience working in a previous agile-based software development role
  • Experience Red Teaming or penetration testing applications and infrastructure
  • Professional experience with cloud providers (e.g., GCP and AWS), modern secure software development lifecycles, and best practices
  • Strong written and verbal communication skills
  • Security certifications such as OSCP, CEH, GWAPT are a plus
  • Familiarity with security frameworks (e.g., NIST SP 800-171 SSDF) is a plus

Responsibilities

  • Lead application security reviews and threat modeling, including secure code review, architectural design, and testing
  • Develop automated testing and mature our Secure SDLC
  • Own and perform application security vulnerability management
  • Coordinate penetration testing engagements
  • Support software engineers and product teams by developing application security best practices
  • Develop and maintain the bug bounty program
  • Bootstrap platform security initiatives that help protect TRM data
  • Inspire a culture of security across the engineering organization by fostering security champions within engineering teams and coordinating secure code training

Skills

Key technologies and capabilities for this role

  • Threat Modeling
  • Secure Code Review
  • Secure SDLC
  • Vulnerability Management
  • Penetration Testing
  • Bug Bounty
  • Automated Testing
  • Platform Security

Questions & Answers

Common questions about this position

What experience level is required for this Senior Application Security Engineer role?

Minimum 8 years of experience in Software Development and testing is required, along with a BS (or equivalent) in Computer Science, Computer Engineering, or related field.

What programming languages must I be proficient in for this position?

Proficiency in Python, NodeJS, and React is required.

What key security skills and experiences are needed for this role?

Candidates need a strong understanding of encryption, authentication, and authorization protocols; deep experience with OWASP/CWE flaws, testing methodologies, and security tooling; experience with cloud security solutions for GCP and AWS; and skills in threat modeling, code reviews, vulnerability remediation, and tools like SAST, DAST, and SCA.

What is the company culture like at TRM Labs?

TRM Labs has a mission-driven, fast-paced team of experts in law enforcement, data science, engineering, and financial intelligence who tackle complex global challenges. The Security team is committed to securing all aspects of the business and to inspiring a culture of security across engineering.

Is the salary or compensation specified for this role?

This information is not specified in the job description.

What does a strong candidate look like for this position?

A strong candidate has 8+ years in software development and testing, proficiency in Python, NodeJS, and React, deep expertise in application security including OWASP/CWE, threat modeling, code reviews, cloud security for AWS/GCP, and experience with SAST/DAST/SCA tools.

Is this a remote position or is there a location requirement?

This information is not specified in the job description.

TRM Labs

Blockchain intelligence for financial crime detection

About TRM Labs

TRM Labs focuses on blockchain intelligence to assist financial institutions, cryptocurrency businesses, and government agencies in identifying and investigating financial crimes and fraud related to cryptocurrencies. The company utilizes advanced data engineering, data science, and threat intelligence to provide tools and insights that help clients combat illicit activities in the crypto sector. TRM Labs serves a wide range of clients, including banks and regulatory bodies, and generates revenue through subscription-based services and customized solutions. Its goal is to enhance the security and integrity of the global financial system by offering comprehensive blockchain analytics and investigative capabilities.

Headquarters: San Francisco, California
Year Founded: 2018
Total Funding: $146M
Company Stage: Series B
Industries: Data & Analytics, Fintech
Employees: 201-500

Benefits

Remote Work Options
Annual Company Offsite
Professional Development Budget

Risks

Increased scrutiny in the UK could affect operations and partnerships in the region.
Collaboration with Tether and TRON may expose TRM Labs to reputational risks.
Cyberattack vulnerabilities in crypto exchanges could impact TRM Labs' clients.

Differentiation

TRM Labs specializes in blockchain intelligence for financial crime detection and investigation.
The company collaborates with major firms like PayPal, Visa, and government agencies.
TRM Labs offers subscription-based services and customized solutions for diverse client needs.

Upsides

Partnership with Four Inc. could increase government contracts in U.S. public sector.
Success in freezing $100 million in assets highlights effectiveness in public-private partnerships.
Collaboration with DeFi platforms like 1inch enhances influence in decentralized finance.
