Blockchain technology is powering a growing wave of innovation. Businesses and governments around the world are using blockchains to make banking more efficient, connect with their customers, and investigate criminal cases. As adoption of blockchain technology grows, more and more organizations seek access to all this ecosystem has to offer. That’s where Chainalysis comes in. We provide complete knowledge of what’s happening on blockchains through our data, services, and solutions. With Chainalysis, organizations can navigate blockchains safely and with confidence.

Chainalysis is seeking a dynamic and passionate Application Security Engineer with experience to join our cutting-edge team. As a trailblazer in blockchain forensics, we require a candidate with a strong understanding of application security principles, excellent communication skills, and the ability to collaborate with various stakeholders. A background in software development is valuable. In this crucial role, you will safeguard our organization's critical data and applications within cloud and application environments, contributing to the advancement of our innovative blockchain solutions.

Key Responsibilities:

  • Proactively identify, assess, and prioritize security issues in cloud and application environments, managing remediation processes
  • Collaborate with development teams to integrate security best practices throughout the application development life cycle
  • Manage and optimize application security tools, such as JFrog Xray, SonarCloud, and Burp Suite, ensuring alignment with organizational security requirements and best practices
  • Develop and maintain Software Bill of Materials (SBOMs) for applications, ensuring accurate tracking of software components and their dependencies, and perform Software Composition Analysis (SCA) on the SBOMs to identify and address potential security vulnerabilities, license compliance issues, and outdated dependencies.
  • Implement and manage security workflows and processes, focusing on application security testing to maintain a secure and compliant ecosystem
  • Develop and maintain meaningful security metrics for application security tools and testing, evaluating effectiveness and alignment with organizational security requirements and best practices
  • Provide support to internal users of security tools, promptly responding to Jira tickets assigned to the security team, ensuring effective collaboration and addressing security-related concerns
  • Conduct security assessments and penetration testing on applications and systems to identify and address vulnerabilities
  • Develop and maintain security policies, procedures, and standards to ensure compliance with regulatory and industry requirements
  • Perform comprehensive security reviews of applications hosted on AWS by threat modeling, identifying potential vulnerabilities, and providing remediation strategies. 
  • Design, develop, and implement security automation using AWS security services and third-party tools to automate the security review process for applications hosted on AWS. 

Key Technical Skills:

  • Knowledge of OWASP Top 10 vulnerabilities and mitigation techniques; experience identifying and exploiting common vulnerabilities in web applications and networks
  • Proficiency in web application security frameworks and tools, including Burp Suite, Nmap, Metasploit, and experience with network and application security testing
  • Familiarity with secure development practices, such as secure coding, threat modeling, and security risk assessment
  • Experience in programming languages, using secure coding practices, such as Python, Java, or Javascript, and familiarity with Agile and DevOps methodologies
  • Knowledge of containerization technologies (e.g., Docker) and orchestration platforms (e.g., Kubernetes)
  • Experience with security testing tools, including Sonarcloud, Jfrog, or Burp, and integration into CI/CD pipelines
  • Experience using GitHub for secure code development and knowledge of GitHub Actions for automated security testing and deployment pipelines
  • Experience with AWS security services and tools: Proficiency in AWS security services such as AWS Security Hub, AWS Config, AWS Inspector, and AWS GuardDuty, among others.
  • Understanding of Infrastructure as Code (IaC) security: Knowledge of best practices for securing Infrastructure as Code (IaC) scripts, such as AWS CloudFormation templates or Terraform scripts. Experience in using tools like Checkov or Bridgecrew for IaC security scanning and remediation.

 

#LI-BD1 #LI-Remote

At Chainalysis, we help government agencies, cryptocurrency businesses, and financial institutions track and investigate illicit activity on the blockchain, allowing them to engage confidently with cryptocurrency. We take care of our people with great benefits, professional development opportunities, and fun.

You belong here. 

At Chainalysis, we believe that diversity of experience and thought makes us stronger. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us. Some of the ways we’re ensuring we keep learning are an internal Diversity Committee, Days of Reflection throughout the year including International Women’s Day, Harvey Milk Day, World Humanitarian Day, and UN International Migrants Day, and a commitment to continue revisiting and reevaluating our diversity culture. 

We encourage applicants across any race, ethnicity, gender/gender expression, age, spirituality, ability, experience and more. Additionally, if you need any accommodations to make our interview process more accessible to you due to a disability, don't hesitate to let us know. You can learn more here. We can’t wait to meet you.  

Applying from the EU? Please review our Chainalysis Applicant Privacy Policy.

  

By submitting this application, I consent to and authorize Chainalysis to contact my former employers, and any and all other persons and organizations for information bearing upon my qualifications for employment.  I further authorize the listed employers, schools and personal references to give Chainalysis (without further notice to me) any and all information about my previous employment and education, along with other pertinent information they may have, and hereby waive any actions which I may have against either party(ies) for providing a reference.  I understand any future employment will be contingent on the Company receiving satisfactory employment references.

Apply for this Job

* Required
resume chosen  
Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
cover_letter chosen  
Google Drive
(File types: pdf, doc, docx, txt, rtf)
Cancel
Voluntary Identification Survey

Chainalysis teams and leaders are committed to cultivating a company culture that invites every employee to come to work and thrive as their whole selves. This means dressing how you feel best, celebrating the holidays that are important to you, caring for your family, bringing your authentic self to work, and doing so in an environment that embraces diversity. We invite you to self-identify so we can best understand our talent pools and evaluate our effectiveness in attracting and recruiting people to Chainalysis from all backgrounds. 

Individuals seeking employment at Chainalysis are considered without regards to race, color, spirituality, national origin, age, sex, relationship status, ancestry, physical or mental disability, veteran status, political views, gender identity, or sexual orientation. 

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Your responses will not be linked to your identity or your application, all responses are anonymized and used only in aggregated reporting. For more information, please refer to our statement here.

Please select “Acknowledge” to indicate that you agree to our processing of this information for this purpose. (Select one) *



Race/ Ethnicity (Select one)












Gender Identity (Select one)








Do you identify as transgender? (Select one)



Sexual Orientation (Select one)









Veteran Status (Select one)



Do you live with a disability? (Select one)



While we know that checking boxes can never fully capture the complexity of your identity, we have tried to make the options in this survey inclusive. If we haven’t done so, that’s our fault, and we would like to do better. (Select one)




Please reach out to our support team via our help center.