Senior Offensive Security Engineer (IOT / Network Pentesting)

📋 Description

• • As a Senior Offensive Security Engineer at Coinbase, you will be at the forefront of safeguarding our innovative digital and physical infrastructure. Your primary focus will be on assessing and enhancing the security posture of physical spaces, including offices and labs, with a specialized emphasis on Internet of Things (IoT) devices, automation, and prosumer networking equipment. This role demands a deep understanding of how networked devices interact within complex environments and the potential vulnerabilities they present.
• • You will be responsible for conducting comprehensive, end-to-end penetration tests across a wide array of networked devices. This includes not only the hardware and firmware but also the intricate integrations and software components that enable their functionality. Your work will involve identifying, exploiting, and thoroughly documenting security weaknesses within these ecosystems.
• • A critical aspect of your role will be to translate your technical findings into actionable insights. You will produce detailed reports that clearly outline identified vulnerabilities, their potential impact, and provide robust, practical recommendations for remediation. This ensures that security improvements are effectively implemented.
• • Collaboration is key in this position. You will work closely with our dedicated security and development teams to embed security best practices throughout the entire device lifecycle, from initial design and development through to deployment and ongoing maintenance. This proactive approach helps build security in from the ground up.
• • Staying ahead of the curve is paramount in the ever-evolving threat landscape. You will be expected to continuously research and stay current with the latest security threats, emerging vulnerabilities, and cutting-edge industry best practices specifically related to securing physical spaces and connected devices.
• • Your ability to communicate complex technical information to diverse audiences will be essential. You will present your findings, methodologies, and remediation strategies to both technical teams and non-technical stakeholders, including executive leadership, ensuring a clear understanding of security risks and the proposed solutions.
• • This role requires a proactive and inquisitive mindset, always seeking to uncover potential weaknesses before malicious actors can exploit them. You will contribute to a culture of security awareness and continuous improvement across the organization.
• • You will play a vital role in threat modeling and risk assessment for new and existing physical infrastructure and IoT deployments, helping to prioritize security investments and efforts.
• • The position involves understanding and testing the security of building management systems (BMS), physical access control systems (PACS), and various wireless protocols such as LoRaWAN, Bluetooth, and Zigbee, in addition to standard IP-based network security infrastructure like cameras and alarm systems.
• • You will leverage your expertise to simulate advanced persistent threats (APTs) and nation-state actor tactics, techniques, and procedures (TTPs) to rigorously test the resilience of our security controls.
• • This role offers a unique opportunity to impact the security of a leading cryptocurrency company, contributing directly to the trust and safety of our users and operations.
• • You will be instrumental in developing and refining penetration testing methodologies tailored for IoT and physical security environments, ensuring our testing remains effective and relevant.
• • The position may require occasional travel to various company locations to conduct on-site assessments and collaborate with local teams, ensuring a comprehensive understanding of the physical security landscape.
• • You will contribute to the development and implementation of security tooling and automation to enhance the efficiency and effectiveness of offensive security operations.
• • A strong understanding of networking protocols, architectures, security frameworks, and building security best practices is fundamental to success in this role.
• • You will be expected to maintain a high level of ethical conduct and professionalism in all aspects of your work, upholding Coinbase's commitment to security and integrity.
• • This role is an opportunity to work with a world-class team in a fast-paced, dynamic environment, contributing to the mission of increasing economic freedom globally.