Software Engineer II, Security

We are a dedicated security engineering team, skilled in cybersecurity, cloud security, application security, and regulatory compliance. Our globally distributed team leverages unique experiences and skillsets to build and operate security services that safeguard our platform. We prioritize a proactive approach to prevent security issues and stay ahead of potential threats, ensuring the continuous protection of our services.

Are you a software developer passionate about writing secure code and eager to transition into a security-focused role? Are you currently in the security field and love to code? How would you like to use your coding expertise to enhance security measures, develop custom tools, and drive innovation in cloud, crypto, and GenAI security, while building secure cloud infrastructures and safeguarding crypto assets?

As a Software Engineer, Security you will leverage your coding skills to design and implement robust security frameworks that protect our software and infrastructure. You will work closely with development teams to integrate security practices throughout the software lifecycle, ensuring that all products meet the highest security standards before deployment.

Key Responsibilities:

• Code Development: Lead efforts in writing secure code and developing custom security tools to address specific security challenges.

• Security Integration: Work closely with development teams to integrate security protocols and standards into the software development lifecycle, ensuring robust and secure product releases.

• API Security: Develop and implement secure coding practices for APIs, ensuring they are protected against common vulnerabilities such as injection, broken authentication, and data exposure.

• Penetration Testing & Vulnerability Assessments: Conduct regular security assessments, including penetration tests and code reviews, to identify and address vulnerabilities.

• Custom Security Tooling: Develop, maintain, and enhance custom security tools to automate security processes and improve our overall security posture.

• Continuous Improvement: Analyze and apply findings from static and dynamic application security testing to continuously enhance system security.

• Cross-functional Collaboration: Collaborate with cross-functional teams to implement security best practices and enhance security features within product designs.

What We’re Looking For:

We’re seeking software developers who are ready to step into the realm of security engineering. Ideal candidates will have:

• Coding Expertise: Proficiency in Java, JavaScript, or Python, with a focus on writing secure and maintainable code.

• Infrastructure-as-Code: Experience using and building Terraform modules to ensure secure infrastructure deployment.

• Secure Coding Practices: The ability to ensure consistent and secure coding practices across different languages and platforms.

• Penetration Testing & Vulnerability Assessment: Familiarity with security tools such as Metasploit, Burp Suite, or OWASP ZAP to identify and address security weaknesses.

• Security Protocols & Standards: Knowledge of encryption, hashing, and digital signatures to secure data and communications.

• Application Security Testing: Experience with both manual and automated static (SAST) and dynamic (DAST) application security testing to identify and mitigate vulnerabilities.

• API Security: Expertise in securing REST APIs against common attacks such as injection, broken authentication, and data exposure.

• Dependency Management: Experience managing software dependencies, including open-source and third-party libraries, to ensure secure and approved components.

• Communication Skills: Strong verbal and written communication skills to effectively collaborate with cross-functional teams and articulate security issues and solutions.

Nice to Have:

• CI/CD Pipeline Experience: Familiarity with assessing, building, and automating a secure CI/CD pipeline to enhance the efficiency and security of the software development process.

Technologies We Use:

• Coding Languages: Java, JavaScript, Python

• Infrastructure-as-Code: Terraform for secure and automated infrastructure deployment

• Cloud Platforms: AWS, GCP for scalable and secure cloud solutions

• CI/CD Tools: GitHub, GitHub Actions, Jenkins for continuous integration and deployment

• APIs: REST APIs for building and securing our platform's interface

About Chainalysis

Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

You belong here.

At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Harvey Milk Day, World Humanitarian Day, and UN International Migrants Day, and a commitment to continue revisiting and reevaluating our diversity culture.

We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. If you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here . We can’t wait to meet you.