Staff KMS Security Engineer (Security)

Position Overview

• Location Type: Remote
• Job Type: Full-Time
• Salary: Not specified

Phantom is revolutionizing the way millions of people interact with the crypto ecosystem. Our self-custodial wallet offers a seamless, unified experience for managing accounts and tokens across Solana, Bitcoin, Ethereum, and Polygon, empowering users with a single, convenient solution. By integrating cutting-edge security features and launching innovative tools for an enhanced personalized user experience, Phantom is able to provide a next-generation, safe and easy to use self-custodial wallet for everyone. This strategy has allowed Phantom to achieve significant milestones including surpassing 15 million MAU’s, reaching #1 in the Google play store finance category, and consistently trending as a Top 50 app across all categories, right next to X, PayPal, Coinbase, and ChatGPT.

Responsibilities

• Own critical security infrastructure/services for the company (Key Management for wallet infrastructure).
• Perform regular security assessments on new projects, infrastructure and code.
• Identify and mitigate security vulnerabilities in code, systems and networks through manual testing, automated tools, threat modeling and threat intelligence.
• Keep up to date with the latest offensive security techniques, application security threats, and best practices in the blockchain space, and recommend improvements to security posture.
• Write detailed reports of your findings and present them to management and technical teams, and help to prevent real-world attacks.
• Work with development teams to implement secure coding practices and to ensure the integrity of cryptographic functions.
• Collaborate with other teams such as development and platform to ensure that security is integrated throughout the organization.
• Participate in incident response and incident management activities.
• Lead large cross-team projects.

Requirements

• 7+ years of experience in offensive security techniques, with a focus on blockchain technology and cryptography.
• Experience working with Key Management Services.
• Strong understanding of security risks, vulnerabilities and concepts in web and mobile applications.
• Proficient in code review for JavaScript & Typescript with a strong understanding of application security threats and offensive security techniques.
• Ability to write PoCs to prove vulnerabilities, review and ensure that patch code meets the standards set by the repository owners and maintainers.
• Strong analytical and problem-solving skills.
• Good verbal and written communication skills.

Nice to Have

• Experience working as a security software engineer at crypto companies.
• Experience developing key management solutions.
• Experience working with HSM, trust computing, TEEs (AWS Nitro Enclave or Intel SGX).

Why Work with Us

• Opportunity: We are a team of experienced builders in the blockchain and crypto industry.
• Our journey began from users seeking an easy, seamless path to accessing the crypto ecosystem. This passion fueled our exponential growth, allowing us to onboard over 7M+ active users in just over three years; with our user base growing weekly.
• Our dedication to a secure and seamless user experience has made us the leading wallet on Solana as well as our multi-chain approach enhances our platform's versatility, meeting the needs of a diverse and growing user base.
• By staying at the forefront of technology and user expectations, we continue to innovate and set industry standards on self-custodial crypto wallets.