Phantom is looking for a KMS Security Engineer to join our team. In this role, you will be responsible for identifying, exploiting, and mitigating security vulnerability risks in our software applications. Your primary focus will be on owning critical security infrastructure and services, especially Key Management for our wallet infrastructure, which is core to our mission of making the digital economy safe and easy to use.
What You'll Do
- Own critical security infrastructure/services for the company, with a focus on Key Management for wallet infrastructure.
- Perform regular security assessments on new projects, infrastructure, and code.
- Identify and mitigate security vulnerabilities in code, systems, and networks through manual testing, automated tools, threat modeling, and threat intelligence.
- Keep up to date with the latest offensive security techniques, application security threats, and best practices in the blockchain space, and recommend improvements to security posture.
- Write detailed reports of findings and present them to management and technical teams to help prevent real-world attacks.
- Work with development teams to implement secure coding practices and ensure the integrity of cryptographic functions.
- Collaborate with other teams such as development and platform to ensure that security is integrated throughout the organization.
- Participate in incident response and incident management activities.
- Lead large cross-team projects.
What We're Looking For
- 7+ years of experience in offensive security techniques, with a focus on blockchain technology and cryptography.
- Experience working with Key Management Services.
- Strong understanding of security risks, vulnerabilities, and concepts in web and mobile applications.
- Proficient in code review for JavaScript & TypeScript with a strong understanding of application security threats and offensive security techniques.
- Write PoC’s to prove vulnerabilities, review and ensure that patch code meets the standards set by the repository owners and maintainers.
- Strong analytical and problem-solving skills.
- Good verbal and written communication skills.
Nice to Have
- Experience working as a security software engineer at crypto companies.
- Experience developing key management solutions.
- Experience working with HSM, trust computing, TEEs (AWS Nitro Enclave or Intel SGX).
Technical Stack
- JavaScript
- TypeScript
- Blockchain
- Cryptography
- Key Management Services
- HSM
- AWS Nitro Enclave
- Intel SGX
Benefits & Compensation
- Compensation: $250,000 to $285,000 + equity
- Competitive salary and equity
- Comprehensive insurance (medical/dental/vision) — 100% covered
- Stipend for your ideal remote set-up
- Flexible hours and a supportive remote environment
- Unlimited vacation
- 401(k) retirement plan
- Monthly wellness benefit
- Weekly meal benefit
- Global off-sites
Work Mode
This role is open to candidates globally.
Phantom is committed to building an inclusive, supportive place for you to do the best work of your career.
