About MetaMask
We’re building for a future where the internet and world economy empowers people, instead of treating people like a product. Where our interactions are based on consent, privacy, and people freely associating with one another. Where communities can flourish and individuals can pursue their dreams. To accomplish that, we’re working hard to make web3 more accessible for everyone.
MetaMask is both a blockchain wallet and a gateway to the entire decentralized web. Our tools help people create communities, play video games, access financial services, make payments, invest in assets, survive from economic turmoil, and more use cases than we can even predict. We exist across multiple platforms (browser extension and mobile), and we serve the whole decentralized ecosystem.
About the role
MetaMask has experienced explosive user growth over the past year, now serving 10+ million monthly users as cryptographic key manager and web3 application development platform. This user base is rapidly growing, and all of these users place an immense amount of trust in MetaMask as a tool that manages and wields their digital authority, controlling assets, identities and more. It is of highest importance to us that we keep our users as safe and secure as possible. To that end, we are looking for new teammates who can help lead secure engineering practices across our javascript codebase.
We are growing our JavaScript Security team, and hiring Senior Software Engineers.
As a Senior Software Engineer on this team, you would contribute in the following areas:
- Bringing the protection of our LavaMoat project to all of our MetaMask Mobile and MetaMask Extension production code;
- Forking and maintaining all of our most security sensitive dependencies, especially those related to transaction signing and key management;
- Auditing all our code related to key management and signing, and helping engineers understand best practice with respect to that code;
- Writing tests that protect our key management and signing code from security flaw edge cases
- Advising on technical architecture and planning of any new feature additions that will require changes to/additions of key management or signing features
- Supporting decision making and development of wider security related features in MetaMask extension and MetaMask mobile, including those related preventing phishing, and securely managing seed phrases and private keys
Role Requirements
- A minimum of 3 years of experience building secure and scalable applications with JavaScript
- Experience supporting and analyzing security incidents in production web services and applications
- Knowledge of common security related protocols (SSL, TLS, IPSec, etc.)
- Experience of cryptographic encryption algorithms, key exchange algorithms, hashing algorithms, PKI, etc.
- Familiarity with the security issues surrounding blockchain application development
- Proactive and self-driven to be successful working in a remote environment
- Enthusiasm for shipping high-quality code and helping peers do the same
- Are kind, empathetic, and supportive towards the team
- A belief in our mission and values
Bonus Points
- Timezone: 4 hrs overlap with HAST
- Experience with threat modeling
- Ability to guide team members through security exercises
- Background specific to React & React Native
- Use of LavaMoat components
- You’re a MetaMask user!
About ConsenSys Software
ConsenSys Software is the leading Ethereum software company. We enable developers, enterprises, and people worldwide to build next-generation applications, launch modern financial infrastructure, and access the decentralized web. Our product suite, composed of Infura, Quorum, Codefi, MetaMask, and Diligence, serves millions of users, supports billions of blockchain-based queries for our clients, and has handled billions of dollars in digital assets. Ethereum is the largest programmable blockchain in the world, leading in business adoption, developer community, and DeFi activity. On this trusted, open source foundation, we are building the digital economy of tomorrow.
