The above represents the expected base salary range for this job requisition. Ultimately, in determining your pay, we’ll consider your level, experience, and other job-related factors.

Company

OP Labs PBC, formerly known as Optimism PBC, is bringing Web2 usability to Web3 apps. Built by Ethereum developers, for Ethereum developers, OP Labs is the only secure decentralized blockchain infrastructure specifically intended to optimize and scale Ethereum. OP Labs develops open-source codebase software and operates optimistic L2 rollups to ensure Ethereum maintains the three central properties of blockchain: decentralization, security, and scalability.

OP Labs can be seen as an extension of Ethereum, from its philosophy down to its tech stack. They promote the growth and sustainability of public goods, through Retroactive Public Goods Funding, never to be captured by private commercial interests. They aim to make transacting on Ethereum affordable and accessible to everyone.

Backed by a16z and Paradigm, OP Labs has raised over $175M in funding, ensuring multiple years of runway, and is looking for a Security Engineer to support emerging phases of growth.

Role and Responsibilities:

As a Security Engineer you will protect the OP Stack by proactively identifying vulnerabilities and threats through rigorous security assessments, threat modeling, design reviews, and code reviews. You'll collaborate closely with engineers across our stack to embed security best practices into every phase of development, from initial design through deployment and operations. By building and maintaining effective security tools, processes, and procedures, you'll improve our security posture to help safely and swiftly ship code. You will own our multisig security policy, and will contribute to our detection and response efforts by developing monitoring strategies, runbooks, and leading incident response drills.

We are an engineering company with an engineering culture and take security seriously. In this role you’ll have the support of the team and be empowered to do your best work.

What are the role responsibilities?

• Perform comprehensive security assessments, audits, threat modeling, and read teaming on various parts of the stack.

• Develop secure coding standards, guidelines, and policies to ensure best practices are consistently followed.

• Build and lead detection and response capabilities, including monitor development and deployments, runbooks, and incident response workflows.

• Design and maintain secure multisig operational processes, including signer selection, access controls, and key management procedures.

• Be a security leader. Educate and mentor engineers on security practices, fostering a culture of security across the organization.

What skills do you bring?

• Expertise in identifying, understanding, and mitigating security vulnerabilities through threat modeling, security assessments, security reviews, audits, and red teaming.

• Experience building and operating detection and response capabilities, including monitoring, alerting, and incident handling.

• Familiarity with best practices for operational security of multisigs, including signer management, access controls, and secure workflows.

• Experience shipping safety-critical code in a fast-paced environment.

• High agency. You will help identify gaps to determine security priorities, and proactively drive initiatives to address them across the organization.

• Exceptional analytical, problem-solving, and communication skills, with the ability to clearly articulate security risks and solutions.

What will you like about us?

• We take care of our employees. Competitive compensation, fully paid medical, dental, and vision, and a 4% 401K match—learn more about our benefits, culture, and all recruiting FAQ here.

• We take pride in the accomplishments of our teammates and support each other in doing the best work of our careers.

• Our team is a diverse group of people from varied backgrounds. We cherish our eclecticism and consider it a great strength.

• We’re fully remote, deeply engaged, highly skilled, and like to have fun.

• We think long-term. Our founders have been scaling Ethereum since 2015.

Compensation Range: $200K - $300K