Application Security Engineer (AppSec)

About Us

Parity is one of the world's most experienced core blockchain infrastructure companies, having built and pioneered some of the most advanced technologies in the blockchain sector. Parity was founded by Dr. Gavin Wood, co-founder and former CTO of Ethereum, the primary engineer behind the Ethereum Virtual Machine (EVM), inventor of the Solidity programming language, and primary author of the Ethereum Yellow Paper.

Based in Berlin, London, and Lisbon, Parity has built clients for Ethereum, Bitcoin, and Zcash and has pioneered a completely new, next-generation blockchain protocol with Polkadot and the framework it’s built with, Substrate. Parity builds the open-source technologies needed to power an unstoppable, decentralised web—known as Web3—and helps developers and organisations implement and build upon the Web3 tech stack.

People in Our Collective Are

• Highly motivated to contribute to Parity’s mission and be part of something bigger
• Excited to work on projects that are groundbreaking and complex
• Autonomous workers that self-initiate, but also collaborate well with others
• Taking maximum accountability and having minimum ego at work
• Comfortable with chaos and adapting to the ever-changing Web3 space

Continuously educating themselves about Parity and the wider ecosystem.

About the team:

The AppSec team is pivotal in helping us secure our ecosystem. We are part of the Security team with a mission of reducing the impact of threats to Parity and its products, bolstering their resilience against potential cyber threats.

Parity has many products: blockchain clients written in Rust, mobile apps written in platform-native languages, browser-based tools and extensions written in JavaScript. We also maintain some crypto and networking libraries (mostly in Rust) and a blockchain framework used by several hundreds of third-party teams. All of this code needs to be consistently secured.

About the position:

This is a crucial role where you will bring your technical abilities to recognise and reduce risk to the ecosystem and be able to effectively influence a wide group of stakeholders. It is a unique opportunity to help secure an innovative organisation where feedback is direct and honest and understands that a check box approach doesn’t get results.

About you:

You should be able to demonstrate:

• Strong knowledge of secure coding practices
• Risk-based approach and pragmatism in order to enhance the level of security in partnership with different stakeholders
• Familiarity with security frameworks and approaches such as SAST, DAST, fuzzing, property-based testing, symbolic execution, network simulation, etc.
• Experience in threat modelling, red/blue teaming, working with best-in-class independent security teams, and turning their findings into actual deployed fixes in our codebase (as well as implementing lessons learned)
• An ability to work with a diverse set of stakeholders to valorise security and influence best practices.
• Advanced skills in analysing and mitigating cyber security threats
• Understanding of web3 application architecture - ideally including cryptography, decentralised networking, blockchain consensus, hardware key management solutions
• Proficiency with security tools and technologies, and the ability to create your own tools when needed
• Proficiency in multiple programming languages - ideally Rust and TypeScript
• A focus on outcomes (rather than activities) and delivering against outcomes with limited interference day to day
• Ideally live within 2 hours of UTC+0, but exceptional candidates outside of this timezone will also be considered.

About working for us:

• Competitive remuneration packages based on iterative market research, including tokens (where legally possible)
• “Future of work” environment that’s remote-first and self-initiating with flexible hours
• Team mates that are genuinely excited about their impact and projects
• Access to the brightest minds in this space to learn about Web3 and develop your skills and knowledge while on the job
• Becoming part of the wider ecosystem (career and networking opportunities)
• Team and company-wide retreats
• Work laptop

Those joining our collective as an employee in Germany, Portugal, and the U.K. also enjoy benefits such as health care, parental leave, PTO (28 days per year), local team events, yearly L&D budget, and language classes.

Parity is an Equal Opportunity Employer. We welcome diversity in our global team and care about everyone in our collective feeling included and welcome.