Engineering Manager, Product Security

We’re Coinbase. We’re the world’s most trusted way to join the crypto revolution, serving more than 89 million accounts in more than 100 countries. 

Our mission is to increase economic freedom around the world, and we couldn’t do this without hiring the best people. We’re a group of hard-working overachievers who are deeply focused on building the future of finance and Web 3.0 for our users across the globe, whether they’re trading, storing, staking or using crypto. Know those people who always lead the group project? That’s us.

There are a few things we look for across all hires we make at Coinbase, regardless of role or team. First, we look for candidates who will thrive in a culture like ours, where we default to trust, embrace feedback, and disrupt ourselves. Second, we expect all employees to commit to our mission-focused approach to our work. Finally, we seek people who are excited to learn about and live crypto, because those are the folks who enjoy the intense moments in our sprint and recharge work culture. We’re a remote-first company looking to hire the absolute best talent all over the world.

Ready to #LiveCrypto? Who you are:

• You’ve got positive energy. You’re optimistic about the future and determined to get there. 
• You’re never tired of learning. You want to be a pro in bleeding edge tech like DeFi, NFTs, DAOs, and Web 3.0. 
• You appreciate direct communication. You’re both an active communicator and an eager listener - because let’s face it, you can’t have one without the other. You’re cool with candid feedback and see every setback as an opportunity to grow.
• You can pivot on the fly. Crypto is constantly evolving, so our priorities do, too. What you worked on last month may not be what you work on today, and that excites you. You’re not looking for a boring job.
• You have a “can do” attitude. Our teams create high-quality work on quick timelines. Owning a problem doesn’t scare you, but rather empowers you to take 100% responsibility for achieving our mission.
• You want to be part of a winning team. We’re stronger together, and you’re a person who embraces being pushed out of your comfort zone.

Security is a primary competency at Coinbase, and the Security Team keeps a watchful eye over every aspect of it. Every day, we go to battle against some of the most sophisticated attackers in the world to protect billions of dollars worth of digital assets and ensure that our customers and employees can enjoy a safe, trusted experience. As Coinbase scales globally, our team is scaling along with it, using a blend of tooling, automation, and strategic team growth to ensure that we’re well-equipped to protect the next billion users of crypto.We're looking for an Engineering Manager to join the Product Security Core (ProductSec Core) Organization. ProductSec Core team’s mission is to enable Coinbase to be the most trusted & secure platform to use crypto. You will collaborate with product and engineering teams to drive secure and customer-centric product design. You will lead your team of security architects and security engineers to embed security upstream and drive cross-functional efforts to operationalize business objectives while minimizing security risks. You will own and mature the Security Development Lifecycle (SDL) for the company.

What you’ll be doing:

ProductSec Core team provides security assurance services to all Coinbase product lines. These services include conducting design reviews, developing Threat Models, code reviews, penetration testing and providing trusted advisory to all engineering teams to ensure security is baked starting from the design stage to the deployment stage. This team will provide trusted security partner support to all high risk product verticals such as investments, retail, trading and platform services. You will provide security and architectural direction for the development, design, integration, testing, and maintenance of our product suite.

Key Job Duties:

• Program Development. We’re looking to you to expand and formalize our Secure Architecture and Engineering Program. As Coinbase has grown, our Product Security function has developed organically. This program drives our Security bar across all services. The purpose is to prevent the likelihood and impact of security breaches through high quality design reviews and successful remediation of security vulnerabilities. We expect you to bring an automation-first mindset to champion and drive automation of manual tasks, and process improvements across product security operations and advocate for internal security principles, and identify creative ways to embed concepts of security by design into operational activities.
• Team Management. Any team is only as strong as the individuals it’s composed of. Your primary concern will be the growth, development and health of the team. You’ll nurture the team, mentor them  and unblock them. You’ll help your teammates find work they enjoy, and find ways to get through the work they don’t. We’ll ask you to hire more individuals to your team, so you’ll need to identify what skills and personalities you need to get the job done. Set clear targets and objectives, and establish KPIs for the team.
• Operations.  Finally, we’re looking for someone who will be accountable to the operations of the team. You’ll work with your leadership to develop goals and metrics, and then we expect you to hold yourself accountable to them. Your quality bar defines the quality of the team, and we’re expecting yours to be high. From timelines to reviews, you’ll work to make sure the Security Partners team runs smoothly. We’ll also ask you to coordinate and bring in other security teams such as privacy, trust and safety, offensive security engagements as we need them. You’ll spend a significant amount of time communicating to your team, to your peers, and across the company.

What we're looking for in you:

• At least 3 years experience in managing product or application security teams that have had to adapt to the changing needs of a business experiencing rapid growth
• At least 6 years experience and solid foundation in security 
• You are passionate about growing people and helping them achieve their goals
• You’ll be providing support and mentorship for application security engineers, so you’ll need to have enough experience in the field to guide them as they grow. 
• From time to time, you may take on a review project for yourself to keep your skills relevant
• We look for individuals who are clear, direct, and kind in their communications. 
• Ability to communicate with technical SMEs and non-technical stakeholders in order to drive alignment.
• You have an energy and self-drive for continuous learning as Crypto is a constantly and rapidly changing space
• Ability to do both long term thinking and short term planning
• We’ll need a manager capable of becoming a SME in one of our product technical architecture. This requires deep technical experience in software development, secure design, threat modeling, and application security
• Building stakeholder relationships is a crucial aspect of the role. A successful candidate will use every interaction as an opportunity to build trust through effective, positive, and efficient communication

Nice to haves:

• You have experience in cryptography or blockchain technology
• If you have extensive experience securing large Rails, NodeJS, and Golang codebases, we can immediately start applying what you’ve learned to the code we are asked to secure. Even better if you’ve spent time training others on how to secure those codebases.

Please note that for employees based in the US, Philippines, Canada or Singapore, if your role requires you to be present in a Coinbase office or if you choose to be physically present in a Coinbase office or sponsored location, you will be required to be fully vaccinated from COVID-19 (as defined by applicable law).  If you receive an offer, you will receive additional information about the grounds and process for an exemption.

Commitment to Equal Opportunity

Coinbase is committed to diversity in its workforce and is proud to be an Equal Opportunity Employer.  All qualified applicants will receive consideration for employment without regard to race, color, religion, creed, gender, national origin, age, disability, veteran status, sex, gender expression or identity, sexual orientation or any other basis protected by applicable law. Coinbase will also consider for employment qualified applicants with criminal histories in a manner consistent with applicable federal, state and local law.  For US applicants, you may view Pay Transparency, Employee Rights and Equal Employment Opportunity is the Law notices by clicking on their corresponding links.  Additionally, Coinbase participates in the E-Verify program in certain locations, as required by law.    

Coinbase is also committed to providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the employment process, please send an e-mail to accommodations[at]coinbase.com and let us know the nature of your request and your contact information.  For quick access to screen reading technology compatible with this site click here to download a free compatible screen reader (free step by step tutorial can be found here).

Global Data Privacy Notice for Job Candidates and Applicants

Depending on your location, the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) may regulate the way we manage the data of job applicants. Our full notice outlining how data will be processed as part of the application procedure for applicable locations is available here. By submitting your application, you are agreeing to our use and processing of your data as required.