Product Security Engineer - Vulnerability Management

Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

Chainalysis is seeking a dynamic and passionate Product Security Engineer with 2-4 years of experience in application, cloud, or infrastructure security to join our cutting-edge team. As a trailblazer in blockchain forensics, we require a candidate who has a strong understanding of cloud security best practices, application security principles, and excels at communicating and collaborating with various stakeholders within the organization. A background in software development is a valuable addition. In this crucial role, you will be responsible for identifying and managing vulnerabilities within our organization's product portfolio across cloud and application environments, ensuring the security and integrity of our innovative solutions in the blockchain industry. Through effective vulnerability management, you will contribute to the ongoing protection and advancement of our cutting-edge products and services.

Key Responsibilities:

• Proactively identify, assess, and prioritize security vulnerabilities in our cloud and application environments, and manage them through the remediation process
• Manage and optimize vulnerability management tools such as Tenable, Lacework, and JFrog, ensuring their effective use and alignment with the organization's security requirements and best practices
• Develop and maintain meaningful security metrics for vulnerability management tools such as Tenable, Lacework, and JFrog, to evaluate their effectiveness and alignment with the organization's security requirements and best practices
• Perform container image scanning to identify and remediate vulnerabilities in containerized applications, ensuring that only secure images are deployed within the environment.
• Conduct instance OS scanning to detect and address vulnerabilities in operating systems running on virtual machines or cloud instances, maintaining the security and compliance of the infrastructure.
• Establish and maintain container image and instance OS scanning policies and procedures, ensuring that scanning and remediation activities are aligned with the organization's security requirements and best practices.
• Collaborate with development, operations, and security teams to integrate container image and instance OS scanning into CI/CD pipelines, promoting a proactive approach to vulnerability management.
• Continuously monitor and report on the effectiveness of container image and instance OS scanning efforts, providing actionable insights and recommendations for improvement.
• Provide support to internal users of security tools and promptly respond to Jira tickets assigned to the security team, ensuring effective collaboration and addressing security-related concerns across the organization

A background like this helps: 

• Experience with vulnerability management tools such as Tenable, Lacework, and JFrog
• Experience with  AWS cloud security best practices
• Experience with Containers and Kubernetes in AWS
• Experience with Patch Management and Configuration Management Tools, including AWS SSM or Ansible. 
• Experience with Bash and/or Python Scripting to automate various tasks, include patch management, repetitive tasks, data collection, security audits and compliance checks
• Experience with Linux operating systems, including the ability to understand and analyze system components such as patches, libraries, and configurations to identify and remediate vulnerabilities.
• Familiarity with Linux package management systems (e.g., apt, yum, etc) to effectively manage software updates, patches, and dependencies for maintaining secure and up-to-date systems.
• Experience with container scanning using JFrog Xray, with the ability to configure and manage policies, integrations, and security rules for effective vulnerability detection and remediation in container images.
• Experience with JFrog Artifactory and its integration with JFrog Xray for comprehensive artifact management and security scanning in a unified platform.

#LI-BD1

At Chainalysis, we help government agencies, cryptocurrency businesses, and financial institutions track and investigate illicit activity on the blockchain, allowing them to engage confidently with cryptocurrency. We take care of our people with great benefits, professional development opportunities, and fun.

You belong here. 

At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Harvey Milk Day, World Humanitarian Day, and UN International Migrants Day, and a commitment to continue revisiting and reevaluating our diversity culture. 

We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. Additionally, if you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here. We can’t wait to meet you.  

Applying from the EU? Please review our Chainalysis Applicant Privacy Policy.

By submitting this application, I consent to and authorize Chainalysis to contact my former employers, and any and all other persons and organizations for information bearing upon my qualifications for employment.  I further authorize the listed employers, schools and personal references to give Chainalysis (without further notice to me) any and all information about my previous employment and education, along with other pertinent information they may have, and hereby waive any actions which I may have against either party(ies) for providing a reference.  I understand any future employment will be contingent on the Company receiving satisfactory employment references.