Senior Application Security Engineer

About the Company:

World is a network of real humans, built on privacy-preserving proof-of-human technology, and powered by a globally inclusive financial network that enables the free flow of digital assets for all. It is built to connect, empower, and be owned by everyone.

About the company:

World is a network of real humans, built on privacy-preserving proof-of-human technology, and powered by a globally inclusive financial network that enables the free flow of digital assets for all. It is built to connect, empower, and be owned by everyone.

Tools for Humanity is a technology company building for humans in the age of AI. We are home to over 400 developers, scientists, engineers, designers, creatives, economists and other various optimists currently building tools for World. World is a network that provides Identity, finance and community for every human. It is built using cutting edge hardware, software and blockchain technology that makes it possible to provide a Proof of Humanity that can be used and trusted anywhere in the world. Currently, over 10 million people have verified at one of more than 1400 orbs around the world. With more than 100 mini-apps and numerous third party integrations with World App, the World network is rapidly growing in scale and utility. To reach our goal of having the network accessible to every person in the world as quickly as possible, we must design and deploy some of the most security forward, privacy aware, transparent, high-scale, and decentralized technologies ever built.

We are looking for an Application Security Engineer to join and continue developing our Application Security program.

About the Security team:

Well beyond “regular company security” the goal of security at Tools For Humanity is to enable the World project to build a global network that can be trusted by all parties. 

The security team is central to the success of the company and the World protocol. It must navigate complex systems while delivering the state-of-the-art in hardware and software security. The team of 15+ engineers helps guide, blockchain, device, cloud, mobile and application security across all of our technologies. For example, it works with engineering teams that are designing novel new zero knowledge proofs and cryptographic solutions (such as AMPC) that enable the World network.

As a global network that enables identity, financial, and community services the team must consider a wide range of threats that span tampering with devices, visual spoofing of devices, in-person attempts to commit fraud, and traditional web / cloud services security. The team must work closely with fraud and data science teams to design systems to detect potential abuse while maintaining privacy and security for users.

About the Role:

In this role, you'll join a passionate team tackling complex security challenges throughout our product lifecycle. As a key architect of our security strategy, you'll ensure robust measures are integrated into every product from conception to deployment. You'll leverage your expertise to assess risks, influence product design decisions, and serve as a trusted advisor to development teams. Through strategic insight and collaborative problem-solving, you'll help evolve our application security program, making a lasting impact on how we protect our products and stay ahead of threats.

You will:

• Perform threat modeling to identify risks in the design of new products and drive their mitigation.

• Architect and implement security solutions to mitigate identified risks.

• Work closely with engineering teams to integrate security into the development lifecycle.

• Identify vulnerabilities through code reviews and penetration testing, and drive their remediation.

• Improve and build, such as scanners and implementation of secure defaults, to scale our application security program.

• Manage and contribute to the continuous improvement of the World bug bounty program.

• Work with stakeholders across the company to advocate for security best practices through training and outreach.
  

About you

• At least 5 years of experience in web, mobile, application or blockchain security.

• Ability to understand and critically think about application and system architectures holistically.

• Expertise in performing threat modeling to systematically assess risks and architect mitigations that align with both technical and business goals.

• Strong understanding of state-of-the-art authentication protocols, cryptographic principles, identity management, and data protection mechanisms.

• Proficiency developing in one or more programming languages (e.g. Python, Typescript, Go).

• Experience communicating effectively with technical, non-technical and executive-level audiences.

• Desire to work in a high growth and high speed environment that is truly trying to change the world.

Nice to have:

• Background in software engineering or computer science.

• Experience developing or securing mobile applications for iOS or Android.

• Familiarity with blockchain fundamentals or experience auditing or writing smart contracts.

What we offer

The reasonably estimated salary for this role at Tools for Humanity ranges from $272,000 to $320,000, plus a competitive long-term incentive package. Actual compensation is based on factors such as the candidate's skills, qualifications, and experience. In addition, Tools for Humanity offers a wide range of best-in-class, comprehensive, and inclusive employee benefits for this role, including healthcare, dental, vision, 401(k) plan and match, life insurance, flexible time off, commuter benefits, professional development stipend, and much more.

By submitting your application, you consent to the processing and internal sharing of your CV within the company, in compliance with the GDPR.

If you don't think you meet all of the criteria but are still interested in the job, please apply. Nobody checks every box, and we're looking for someone excited to join the team.