Status is building the tools and infrastructure for the advancement of a secure, private, and open web3.
With the high level goals of preserving the right to privacy, mitigating the risk of censorship, and promoting economic trade in a transparent, open manner, Status is building a community where anyone is welcome to join and contribute.
As an organization, Status seeks to push the web3 ecosystem forward through research, creation of developer tools, and support of the open source community.
As a product, Status is an open source, Ethereum-based app that gives users the power to chat, transact, and access a revolutionary world of DApps on the decentralized web. But Status is also building foundational infrastructure for the whole Ethereum ecosystem, including the Nimbus ETH 1.0 and 2.0 clients, the Keycard hardware wallet, and the Waku messaging protocol (a continuation of Whisper).
As a team, Status has been completely distributed since inception. Our team is currently 100+ core contributors strong, and welcomes a growing number of community members from all walks of life, scattered all around the globe.
We care deeply about open source, and our organizational structure has minimal hierarchy and no fixed work hours. We believe in working with a high degree of autonomy while supporting the organization’s priorities.
You will have the opportunity to research, develop, and evaluate bleeding-edge technologies to strengthen our products and the organization’s Security and privacy stance. In addition, you will touch on a broad array of challenges and topics that fall under the scope of Security, so you must continuously adapt and learn.
General Security & Risk Management
Support the organization in the continuous analysis of its security posture & risk management.
Support in the day to day security of the organization resources,
Secure Software Development
Support our product teams in the detection, test & remediation of vulnerabilities in the code base,
Support our product teams in the development of security-related features,
Support our product teams with the security of their supply chain.
Support the detection & remediation of vulnerabilities in our infrastructure,
Maintain a documentation of the infrastructure & the security aspects,
Contribute to the continuous improvement of the security of our infrastructure, including the hardening of our services,
Maintenance of host and cloud firewall rules to limit attack surfaces,
Configuration & maintenance of our Identity & Access Management solutions,
Create and manage user access to applications and resources.
You ideally will have:
A strong alignment to our principles: https://status.im/about/#our-principles,
Interest in the web3 values & ecosystem,
Experience or at least interest in the following technologies:
Firewalls (Cloud & Linux)
Keycloak & related IAM, SSO technologies
Security auditing experience,
“Blue team” experience: security monitoring (e.g. SOC),
Experience in managing bug bounty programs (e.g HackerOne, Bugcrowd, etc.),
Information security management framework expertise,
SDLC experience (design, implementation and compliance).
Don’t worry if you don’t meet all of these criteria, we’d still love to hear from you anyway if you think you’d be a great fit for this role. Just explain to us why in your cover letter.
Experience working remotely and asynchronously,
Experience working for an open source organization.
Status offers above-average compensation, payable in fiat and/or crypto.
Interview with People Ops team
Interview with Serhan & Fred from the Security team
Interview with Jakub from the Infra team
The steps may change along the way if we see it makes sense to adapt the interview stages, so please consider the above as a guideline. We’re looking for the new Infrastructure Security Engineer (you?) to join us as soon as possible.