About Uphold

Uphold is now the fastest-growing private company in the San Francisco Bay Area, according to the San Francisco Business Times Fast Track 100, 2022.

Uphold is pursuing a mission to democratize investments and payments for people and companies worldwide. Founded in 2014, the Silicon Valley company today has more than 8 million customers in over 150 countries with an impressive 50x increase in Mobile App downloads during the first quarter of 2020.

A bridge between the old and new money systems, Uphold allows people to buy, exchange and send more than 100 currencies, cryptocurrencies, precious metals and equities instantly. An engineering-led company with a social inclusion agenda, Uphold provides a stimulating and challenging home for the brightest and best talent.

The opportunity

Are you passionate about security? As a member of the Cyber Security Team you will help on the team effort of building a safer Uphold and a trustworthy crypto wallet, working closely with our Engineering team.

Some of your responsibilities as an Application Security Engineer can include:

• Audit applications and systems, through vulnerability management and bug bounty program oversight
• Propose remediation measures and help with their adoption
• Provide security guidance through the development lifecycle and help maintain and improve our Secure Software Development Life Cycle
• Be a security subject-matter expert (SME) and help development teams with their security needs
• Perform threat modeling (e.g., using STRIDE)
• Provide internal security training sessions, focused on the engineering users
• Develop tools to automate security tasks
• Assist in development of automated security testing to validate that secure coding best practices are being used
• Work in conjunction with other teams in incident response activities
• Develop and document security standards and practices
• Recommend security enhancements to existing processes and tools
• Collaborate with key stakeholders to gather security requirements and ensure implementation
• Report findings to upper management
• Provide operational support of application security technologies
• Work closely with all teams to improve the overall security posture of Uphold

What you’ll bring to the table:

• Knowledge in application security
• Knowledge of networking and web protocols
• Experience with security tools
• Understanding of OWASP Top 10 security flaws
• Excellent written, verbal, and conversational communication skills
• Fluent in English, both verbal and written
• Critical thinking skills and the ability to solve problems as they arise
• Comfortable working in a fast-paced environment

It’s cool if you also have:

• Knowledge in distributed computing principles 
• Knowledge in cryptographic concepts
• Experience in conducting security tests in web and mobile applications
• Experience with SAST / DAST / IAST tools
• Experience in application architecture security review
• Coding experience in one or more general-purpose languages/scripting (e.g., Java, Golang, Python, Bash)
• Strong understanding of cybersecurity standards and frameworks, e.g., ISO27001, NIST, CIS, OWASP
• Industry recognized certifications such as OSCP, CISM, CISSP, GSEC

What we have to offer you:

• An amazing work environment in a company that continues to grow, driven by extraordinary and passionate people that keep up innovating and challenging more each day.
• An international team, in a cutting edge field, working on the most fascinating projects.
• Growth and career opportunities, and the chance to be proactive and creative.
• A flexible and enthusiastic work environment that offers you snacks, a lot of coffee and other great benefits.
• Open and transparent culture - we get together on a weekly basis to share updates, strategic plans, and engage with each other informally over food and drinks.
• Interesting events that keep you connected with the team and celebrate our success.
• Full benefits, options, and bonus.

EEOC Employer

Uphold is an Equal Opportunity Employer that does not discriminate on the basis of race, color, religion, gender, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, or any other protected class.