Security Engineer

at  CryptoKitties Canada

We’re looking for a Security Engineer to work with our SRE and IT teams to validate that our services and infrastructure meet the highest security standards.
The ideal candidate has experience with SRE infrastructure hardening and testing, including access/roles, K8s security, secret management security, WAF and network defences; infrastructure security monitoring and alerting, endpoint security monitoring and response, and IT VPN and network security operations.

A LITTLE ABOUT US:

Dapper Labs is the company behind CryptoKitties. Formed in February 2018, Dapper Labs was spun out of Axiom Zen to spread the benefits of decentralization through the power of play, fairness, and true ownership. Notable investors in Dapper Labs include Andreessen Horowitz, Union Square Ventures, Venrock, Google Ventures, Samsung, and the founders of Dreamworks, Reddit, Coinbase, Zynga, and AngelList, among others. CryptoKitties is the world’s most popular blockchain application outside of cryptocurrency exchanges.
Dapper team members are humble and curious entrepreneurs, builders, and tinkerers who share a passion to demystify blockchain technology and tap its potential to create change in the world. Our people are our greatest strength: our diverse crew flourishes in a distributed hierarchy where personal autonomy and professional growth are encouraged. We value our culture above else: regardless of where you came from, what you studied, or who you used to work for, your role here will necessitate both a high level of creativity and strategic thinking on complex issues. Everyone here is a founder, and no one fits in a box. We’re all driven by an insatiable thirst for learning and development, and that’s what brings us together.

What we’ll accomplish together:

• Work closely with SRE and product teams to validate implementations with security tools and consult on remediating identified security flaws in our services and infrastructure.
• Help harden our servers and networks against remote exploits and privilege escalation by developing repeatable infrastructure best practices.
• Evaluate and implement security tools for threat detection and incident response management.
• Manage vulnerabilities in containers and services.
• Help develop domain-specific DDoS, DNS, WAF defences for things like blockchain-interfacing services.
• Perform security reviews with project owners and conduct assessments against in-house software, cloud infrastructure, and deployed third-party technologies.
• Help instrument systems for detecting intrusions, fraud, and abuse in domains such as blockchain traffic.
• Help coordinate bug bounty programs.
• Assess impact and support remediation of 3rd party pentest findings.

A little about you:

• Experience securing and testing cloud/IaaS platforms like AWS, Azure, or GCP.
• Experience setting up security monitoring and alerting in large scale environments.
• Experience performing network and/or web application pentests against distributed server environments.
• Experience securing containerization, Kubernetes, and microservices architectures to run production services.
• Experience working cross-functionally with teams to assess risk and prioritize security efforts.
• Strong experience penetration testing linux-based data centre environments and working closely with operational owners to prioritize and fix security vulnerabilities.
• Strong knowledge of network security and web application architecture defense.
• Good familiarity with GCP or equivalent cloud services.

The opportunity:

• Be part of a whole new discipline of security tools and processes.
• Impact - help craft the direction of security for the entire company.
• Lack of bureaucracy - your opinion will count and you will have the ability to get things done quickly.
• Projected growth - the team is fast growing, you will never be bored as we play with new technologies and product spaces.
• We’re always working with new and cool tech stacks.
• Working with big clients.
• Growth opportunity: the security team plays an increasingly important role, and is exposed to a variety of new technologies over time.

Bonus points for:

• Experience working in Agile projects as part of a reasonably large team.
• Understanding of blockchain tech.
• SaaS model secure lifecycle management.
• Being able to length extension attack SHA-2 with an abacus.

A LITTLE MORE ABOUT US:

At Dapper Labs we recruit the best and foster an environment that empowers our team. That means a workplace that is diverse, inclusive, and open-minded. We welcome applicants of all backgrounds, regardless of race, colour, religion, sexual orientation, gender identity, national origin, or disability.
We offer compensation commensurate with the high level of talent we seek, diverse opportunities for learning and development, extensive benefits, and flexible time off policy.