Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

Chainalysis is seeking a dynamic and passionate Product Security Engineer with experience in application, cloud, or infrastructure security to join our cutting-edge team. As a trailblazer in blockchain forensics, we require a candidate who has a strong understanding of cloud security best practices, application security principles, and excels at communicating and collaborating with various stakeholders within the organization. A background in software development is a valuable addition. In this crucial role, you will be responsible for identifying and managing vulnerabilities within our organization's product portfolio across cloud and application environments, ensuring the security and integrity of our innovative solutions in the blockchain industry. Through effective vulnerability management, you will contribute to the ongoing protection and advancement of our cutting-edge products and services.

 

Key Responsibilities:

  • Proactively identify, assess, and prioritize security vulnerabilities in our cloud and application environments, and manage them through the remediation process
  • Manage and optimize vulnerability management tools such as Tenable, Lacework, and JFrog, ensuring their effective use and alignment with the organization's security requirements and best practices
  • Develop and maintain meaningful security metrics for vulnerability management tools such as Tenable, Lacework, and JFrog, to evaluate their effectiveness and alignment with the organization's security requirements and best practices
  • Perform container image scanning to identify and remediate vulnerabilities in containerized applications, ensuring that only secure images are deployed within the environment.
  • Conduct instance OS scanning to detect and address vulnerabilities in operating systems running on virtual machines or cloud instances, maintaining the security and compliance of the infrastructure.
  • Establish and maintain container image and instance OS scanning policies and procedures, ensuring that scanning and remediation activities are aligned with the organization's security requirements and best practices.
  • Collaborate with development, operations, and security teams to integrate container image and instance OS scanning into CI/CD pipelines, promoting a proactive approach to vulnerability management.
  • Continuously monitor and report on the effectiveness of container image and instance OS scanning efforts, providing actionable insights and recommendations for improvement.
  • Provide support to internal users of security tools and promptly respond to Jira tickets assigned to the security team, ensuring effective collaboration and addressing security-related concerns across the organization

A background like this helps: 

  • Experience with vulnerability management tools such as Tenable, Lacework, and JFrog
  • Experience with  AWS cloud security best practices
  • Experience with Containers and Kubernetes in AWS
  • Experience with Patch Management and Configuration Management Tools, including AWS SSM or Ansible. 
  • Experience with Bash and/or Python Scripting to automate various tasks, include patch management, repetitive tasks, data collection, security audits and compliance checks
  • Experience with Linux operating systems, including the ability to understand and analyze system components such as patches, libraries, and configurations to identify and remediate vulnerabilities.
  • Familiarity with Linux package management systems (e.g., apt, yum, etc) to effectively manage software updates, patches, and dependencies for maintaining secure and up-to-date systems.
  • Experience with container scanning using JFrog Xray, with the ability to configure and manage policies, integrations, and security rules for effective vulnerability detection and remediation in container images.
  • Experience with JFrog Artifactory and its integration with JFrog Xray for comprehensive artifact management and security scanning in a unified platform.

#LI-BD1 #LI-Remote

At Chainalysis, we help government agencies, cryptocurrency businesses, and financial institutions track and investigate illicit activity on the blockchain, allowing them to engage confidently with cryptocurrency. We take care of our people with great benefits, professional development opportunities, and fun.

You belong here. 

At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Harvey Milk Day, World Humanitarian Day, and UN International Migrants Day, and a commitment to continue revisiting and reevaluating our diversity culture. 

We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. Additionally, if you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here. We can’t wait to meet you.  

Applying from the EU? Please review our Chainalysis Applicant Privacy Policy.

  

By submitting this application, I consent to and authorize Chainalysis to contact my former employers, and any and all other persons and organizations for information bearing upon my qualifications for employment.  I further authorize the listed employers, schools and personal references to give Chainalysis (without further notice to me) any and all information about my previous employment and education, along with other pertinent information they may have, and hereby waive any actions which I may have against either party(ies) for providing a reference.  I understand any future employment will be contingent on the Company receiving satisfactory employment references.

Apply for this Job

* Required
resume chosen  
Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
cover_letter chosen  
Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
Voluntary Identification Survey

Chainalysis teams and leaders are committed to cultivating a company culture that invites every employee to come to work and thrive as their whole selves. This means dressing how you feel best, celebrating the holidays that are important to you, caring for your family, bringing your authentic self to work, and doing so in an environment that embraces diversity. We invite you to self-identify so we can best understand our talent pools and evaluate our effectiveness in attracting and recruiting people to Chainalysis from all backgrounds. 

Individuals seeking employment at Chainalysis are considered without regards to race, color, spirituality, national origin, age, sex, relationship status, ancestry, physical or mental disability, veteran status, political views, gender identity, or sexual orientation. 

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Your responses will not be linked to your identity or your application, all responses are anonymized and used only in aggregated reporting. For more information, please refer to our statement here.

Please select “Acknowledge” to indicate that you agree to our processing of this information for this purpose. (Select one) *



Race/ Ethnicity (Select one)












Gender Identity (Select one)








Do you identify as transgender? (Select one)



Sexual Orientation (Select one)









Veteran Status (Select one)



Do you live with a disability? (Select one)



While we know that checking boxes can never fully capture the complexity of your identity, we have tried to make the options in this survey inclusive. If we haven’t done so, that’s our fault, and we would like to do better. (Select one)




Please reach out to our support team via our help center.