Ava Labs is hiring a

Web3 NodeJS Application Security Engineer

In a perfect world, there would be an application security engineer for each department. We are looking for an Application Security Engineer to focus on our Frontend and to be that security expert!

• Since frontend development is a fast-moving field, the successful candidate must be able to keep pace with developments and make risk assessments of new tools and security recommendations for their use

What You Will Do

• Work with frontend developers and product owners to ensure secure design and development of applications
• Be the NodeJS/Javascript/Frontend technology security expert to the team and effectively communicate information to technical and non-technical team members
• Recognize security needs and recommend suitable technologies and controls
• Design and build security tools integrated with the CI/CD pipeline
• Actively provide technical security direction to frontend developers of the team
• Respond to security alerts

What You Will Bring

• 5+ years of relevant experience
• Strong foundation and in-depth technical knowledge of application security, with an emphasis on front-end, web application, and mobile security
• Must be able to keep pace with frontend developments and make risk assessments and security recommendations of new tools
• Know the OWASP Top 10 by heart, and are eager to discover their equivalent in Web 3.0
• Experience in threat modeling system designs and implementation—how they scale, how they should fit together, and how they’re likely to break
• Experience in design reviews and conducting code reviews with an eye for security vulnerabilities
• Experience in triaging findings from security tools, bug bounty programs, and the external research community
• Proficient in one or more programming languages (Node.js/Javascript, Golang experience also looked upon favorably)
• Ability to analyze and solve complex problems
• OSCP gets our attention, but is not required
• Solidity / smart contract experience would be a big plus, as Web 3.0 Javascript interacts heavily with smart contracts (What's your Ethernaut score?)
• Nice to have - security experience in Web3.0. and typescript

#LI-Remote #LI-TW1