Senior Application Security Engineer



Posted on Friday, April 14, 2023
OpenSea is the first and largest marketplace for NFTs, offering a diverse range of unique and verifiable digital assets backed by blockchain. We're excited about building a platform that supports a brand new economy based on true digital ownership and are proud to be recognized as Y Combinator's #3 ranked top private company.
When hiring, we look for candidates who can thrive in our culture of trust, feedback, and rapid growth. We believe that diversity and inclusivity are essential to our success, and we provide equal employment opportunities regardless of background or identity. Our opportunities support remote, hybrid, or onsite work at our offices in New York City, San Francisco, or Silicon Valley, and we're dedicated to creating an environment where all employees can do their best work and contribute to the growth of our platform.
As we continue to expand our platform, we are seeking a highly experienced and motivated Senior Application Security Engineer with Web3 expertise to join our team. The ideal candidate will be responsible for leading the efforts to ensure the security and integrity of our platform by identifying and mitigating potential threats, as well as maintaining and improving the overall security posture of our applications.


  • Lead the development, implementation, and maintenance of secure coding practices for our platform, with a strong focus on Web3 and blockchain technologies
  • Conduct advanced security assessments, threat modeling, and code reviews of our applications and smart contracts, providing guidance to the engineering team
  • Continuously monitor, identify, and remediate vulnerabilities in our applications and infrastructure, while driving security improvements
  • Collaborate closely with cross-functional teams, including developers and product managers, to develop secure applications that adhere to industry best practices and regulatory requirements
  • Design and implement advanced security features, such as authentication, authorization, and encryption, to protect sensitive data and user privacy
  • Stay ahead of the latest security trends, vulnerabilities, and threat intelligence, as well as emerging technologies in the Web3 and blockchain space, providing recommendations to the team
  • Develop and deliver security awareness training for developers and other team members, fostering a security-first mindset across the organization
  • Lead incident response efforts and conduct post-mortem analysis to identify root causes and implement measures to prevent future occurrences

Desired Experience

  • Minimum of 5 years of experience in a related role, such as: security, devops, site reliability engineering, or software engineering
  • Proficient in one or more programming languages, such as Python, JavaScript, Typescript, or Golang.
  • Familiarity with web application frameworks such as React, Next.js, or Django
  • Solid understanding of web3, DAPPs, and smart contract development, preferably with experience in Ethereum or other similar platforms. A nice to have would be Solidity development experience.
  • Strong knowledge of web security principles and best practices, including but not limited to OWASP Top Ten, secure coding practices, and encryption
  • Experience in analyzing systems and identifying security problems, threat modeling, code auditing, data security, system design, and security reviews.
  • Excellent problem-solving skills and the ability to adapt to new challenges in a fast-paced environment
If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone who is excited to join the team.
The base salary for this full-time position, which spans across multiple internal levels depending on qualifications, ranges between $170,000 - $285,000 plus benefits & equity.