As the world's first and largest NFT marketplace, OpenSea is pioneering a new frontier where art, games, technology and commerce converge in fascinating and unprecedented ways. Our platform empowers millions of creators, collectors and developers to easily showcase, discover, buy and sell unique digital items.
We’re a team of rigorous problem solvers, visionary futurists, proactive doers and effective communicators. As a remote-first company, we enable our team members to work from anywhere, while making time to come together as a team to collaborate and connect in person throughout the year.
We are seeking a Staff Security Engineer who will be responsible for preventing, detecting, and responding to all manner of security incidents that impact the company, on and off chain. The Security Engineer will be deeply involved with overall detection and response strategy, development and deployment of cutting edge tools, forward-thinking policy development, and stewarding a culture of security across the company.
Responsibilities
- Design and build a cutting-edge detection platform from the ground up, serving as the central hub for processing and analyzing vast quantities of log data. Develop mechanisms to reduce noise, increase signal, and automate the prioritization of high-value alerts.
- Spearhead the development of infrastructure to integrate, consolidate, and contextualize existing data sources and third-party integrations to enhance detection capabilities.
- Architect scalable, automated solutions for detecting and responding to security threats across endpoints, cloud environments, and networks.
- Lead efforts to design and implement systems that enable comprehensive monitoring and security hardening of endpoints and cloud environments, ensuring they are resilient against emerging threats and vulnerabilities.
- Develop and integrate advanced threat detection signals leveraging threat intelligence and behavioral analysis to identify malicious activity early and prevent incidents.
- Automate detection workflows and repetitive security processes to improve operational efficiency and allow rapid response to potential threats.
- Collaborate with engineering teams to embed detection capabilities across the technology stack, ensuring security measures are integrated into systems from inception through deployment.
- Design and deploy monitoring tools for tracking activities across distributed systems, with a focus on detecting anomalies, vulnerabilities, and potential security risks in real-time.
- Utilize expertise in programming languages such as Go, Rust, or Python to develop and maintain detection tooling, as well as build custom integrations for security systems and processes.
Desired Experience
- 5+ years of experience working within security engineering with expertise in forensics, Malware Analysis, Intrusion Detection and incident response.
- Expertise with AWS (preferred), GCP, or other cloud providers
- 4-5+ years of experience in detection engineering, rules development, SIEM experience (ex, ELK, Splunk et al), EDR such as SentinelOne (what we use), CarbonBlack, etc
- Start-up experience
- Proficient in one or more programming languages, such as Java, Go, PowerShell, Node.js, C#, Python, and Ruby.
- Deep knowledge and experience modeling threats aligned to the MITRE ATT&CK framework and Lockheed Killchain model
- SANS certification (504, 508, 578) a bonus.
- A strong interest in blockchain technology, with either prior experience or a significant curiosity and enthusiasm to learn.
The base salary for this full-time position, which spans across multiple internal levels depending on qualifications, ranges between $185,000 to $340,000 plus benefits & equity.
If you don't think you meet all of the criteria below but still are interested in the job, please apply. Nobody checks every box, and we're looking for someone who is excited to join the team.
#LI-Remote