The Infrastructure Security team works directly with the Infrastructure team architecting, advising, and building solutions that make the Coinbase engineering platform secure and let our engineers focus on building great products. Our work touches all facets of the engineering pipeline, from development and deployment, to core infrastructure and configuration, to the cross between SRE and Security. You’ll work with these infrastructure teams while building security specific solutions that compliment the overall platform. In the next year, we’ll be working on enhancing how our services authenticate and authorize access, using eBPF and KRSI for precision system monitoring and protection, and implementing In-toto to help us track the provenance of external and internal dependencies.
What you’ll be doing (ie. job duties):
- Building systems that discover, inform, and maintain expectations about our infrastructure so that engineers can focus on building products, and when they need to make decisions, to make good ones.
- Contribute security functionality to the core Coinbase Infrastructure by working closely with Infrastructure engineers to extend services that they are building.
- Help Infrastructure engineers develop secure systems by advising on secure patterns and practices.
What we look for in you (ie. job requirements):
- You exhibit our core values: clear communication, positive energy, continuous learning, and efficient execution
- You have strong software engineering skills in languages such as Go, Java, or Python
- You have experience with cloud-native architectures
- You are interested in security and thinking about how things can go wrong
- 5+ years of professional work experience within infrastructure security software engineering
Nice to haves:
- You enjoy wrangling complex problems and datasets - we often deal with messy or voluminous datasets such as configuration across our fleet or terabytes of logs, so interest in modern data management tools that help us find signal in the noise will be beneficial.
- Interest in cryptography or privacy engineering - we use cryptography across our organization to protect our users, and bringing standardization and integration into our platform will help meet our mission of helping engineers focus on building products. We have cryptographic engineers that build and validate primitives, but knowing how and where to use them will be helpful.
- Experience working in a high security and/or highly regulated industry - we are both, and have to work to build highly constrained architectures that are as painless as possible, while remaining highly transparent for ease of compliance and audit.