Our Krakenites are a world-class team with crypto conviction, united by our desire to discover and unlock the potential of crypto and blockchain technology.
What makes us different?
Kraken is a mission-focused company rooted in crypto values. As a Krakenite, you’ll join us on our mission to accelerate the global adoption of crypto, so that everyone can achieve financial freedom and inclusion. For over a decade, Kraken’s focus on our mission and crypto ethos has attracted many of the most talented crypto experts in the world.
Before you apply, please read the Kraken Culture page to learn more about our internal culture, values, and mission.
As a fully remote company, we have Krakenites in 70+ countries who speak over 50 languages. Krakenites are industry pioneers who develop premium crypto products for experienced traders, institutions, and newcomers to the space. Kraken is committed to industry-leading security, crypto education, and world-class client support through our products like Kraken Pro, Kraken NFT, and Kraken Futures.
Become a Krakenite and build the future of crypto!
Mission Statement
Safeguard our organization by identifying, qualifying, and mitigating vulnerabilities through effective communication, focus on high quality, and practical impact.
Team Objective
Reduce organizational security risk by accelerating the maturity of our Vulnerability Management experience at Kraken through our end-to-end VULN lifecycle of Discover -> Investigate -> Route -> Collaborate and Remediate.
Kraken is looking for experienced information security professionals, with an ethical hacking mindset, to join our vulnerability management team. This team’s mission is to safeguard our organization by identifying, qualifying, and mitigating vulnerabilities through effective communication, focus on high quality, and practical impact.
This role will also have the opportunity to pursue projects, innovations, and specializations that enrich our program. For example, this might include AI, automation, blockchain, offensive security, privacy engineering, security research, etc. Members of the vulnerability team enjoy camaraderie, support, and engagement with other security teams, including experts in many other information security disciplines.
Leverage strong analytical skills, empirical evidence, and demonstration of practical impact to tune out false positive findings, substantiate, and prioritize true positive findings
Discover, investigate, report, and manage cases end-to-end, throughout the vulnerability lifecycle
Serve as collaborative, peacekeepers to guide stakeholders with diverse viewpoints toward effective resolutions
Develop, orchestrate, and administrate best-in-class COTS and internal tools to support workflows
Ensure coverage for a broad variety of assets including systems, code, people, and processes
Write security testing baselines and standards for common classes of vulnerabilities
3+ years in software development and/or infrastructure (microservices, network, systems, etc.)
Preferred 5+ years of experience in information security consulting, penetration testing, red team, offensive security
Information security certifications are good, but not required, with an emphasis on practical knowledge (e.g., OffSec Certified Professional (OSCP), CREST Registered Penetration Tester (CRT), Open Source Intelligence Professional Certification (OSIP), CCIE Security)
Extensive knowledge of information security testing methodologies (e.g. PTES), standards (e.g. ISO, NIST, PCI), and best practices (e.g. OWASP top 10, OWASP ASVS, etc.)
Basic understanding of cryptography, especially as it relates to cryptocurrency
Ability to work independently and take ownership of assigned tasks, such as managing the remediation of a vulnerability with developers through it's whole lifecycle
Strong project management skills, with the ability to prioritize and complete tasks efficiently
Excellent communication and customer service skills
Track record of drafting and reviewing engineering and security documentation, diagrams, requirements, etc.
Curiosity, creativity and persistence to develop test cases that reveal and validate systems behavior, including unusual or unexpected conditions
#LI-Remote #LI-DA1 #USCANBRUKEU
This job is accepting ongoing applications and there is no application deadline.
Please note, applicants are permitted to redact or remove information on their resume that identifies age, date of birth, or dates of attendance at or graduation from an educational institution.
We consider qualified applicants with criminal histories for employment on our team, assessing candidates in a manner consistent with the requirements of the San Francisco Fair Chance Ordinance.
Kraken is powered by people from around the world and we celebrate all Krakenites for their diverse talents, backgrounds, contributions and unique perspectives. We hire strictly based on merit, meaning we seek out the candidates with the right abilities, knowledge, and skills considered the most suitable for the job. We encourage you to apply for roles where you don't fully meet the listed requirements, especially if you're passionate or knowledgable about crypto!
As an equal opportunity employer, we don’t tolerate discrimination or harassment of any kind. Whether that’s based on race, ethnicity, age, gender identity, citizenship, religion, sexual orientation, disability, pregnancy, veteran status or any other protected characteristic as outlined by federal, state or local laws.
Stay in the know
Subscribe to Rise newsletter