Application Security Engineer

Braga, Portugal

One of the fastest growing fintech companies, Uphold is pursuing a mission to democratise investments and payments for people and companies worldwide. Founded in 2014, the Silicon Valley company today has more than 2 million customers in over 150 countries with an impressive 50x increase in Mobile App downloads during the first quarter of 2020.

A bridge between the old and new money systems, Uphold allows people to buy, exchange and send more than 100 currencies, cryptocurrencies, precious metals and equities instantly. An engineering-led company with a social inclusion agenda, Uphold provides a stimulating and challenging home for the brightest and best coding talent.

We stand by the idea that ‘source code is a liability, not an asset’, so we do our best to keep things simple, readable and less complex to manage.

We work collaboratively with a shared code ownership mindset to design and implement complex technical projects, balancing speed with quality, learning from our past mistakes, and allowing everyone time to take on the challenges they see fit.

If you’re a Rockstar and this sounds interesting and challenging, we want to hear from you!

The opportunity: 

We are looking for an Application Security Engineer to join our Engineering team. This is an incredibly exciting opportunity where you’ll get to analyze software designs and implementations from a security perspective, and identify and resolve security issues.

You will build the appropriate security analysis, defences and countermeasures into each phase of the software development lifecycle, resulting in robust and reliable software.

You will provide expert technical guidance and hands-on validation of secure solutions during the design, development, and testing of systems supporting the Uphold products.

What you’ll be doing primarily:

  • From within the Engineering team, collaborate with the Security team to harden the codebase against attacks.
  • Working to integrate automated vulnerability assessments into the development lifecycle, then feeding the results into that same cycle frictionlessly.
  • Thinking of and implementing new ways to automate and improve security across the application lifecycle.
  • Since there are multiple layers of the round trip between our systems and our customers, you’ll be looking at the void space between them, finding out how they could be used against us.
  • Working with the Security team on the product security engagement plan to educate engineers by scaling up security champions, implementing a framework for security best practice, threat modelling, and input into design reviews.
  • Performing source code reviews across our projects in different coding languages.
  • Helping manage and nurture our new bug bounty program, developing a cabal of known and trusted researchers who can help you tighten our applications’ defensive posture.
  • Helping choose and work with external formal pentesters, as they probe our applications for vulnerabilities.
  • Being involved in the design phase of the Software Development Life Cycle, embedding security architecture principles.
  • Working with the Privacy team to develop ‘privacy by design’ mindsets.
  • Writing and maintaining standards and other technical documentation.

Required qualifications:

  • Past experience with the primary responsibilities of this role and a history of high quality execution and ownership.
  • Spent lots of quality time coding, deeply learning the powerful idioms and important idiosyncrasies of multiple programming languages and their ecosystems. We like to code mostly in Golang, C/C++, Python, JavaScript (node.js, React/React Native), Android (Java, Kotlin) and iOS (Swift, Objective-C) here.
  • Diligently practiced your engineering craft, mastering your skills in multiple frameworks and codebases.
  • Experience in designing and implementing new architectures and technical strategies, while also looking after existing technology real estate.
  • Fluent written and oral English skills.

Bonus if you have:

  • Bug bounty findings or contributions to responsible vulnerability disclosures.
  • Fluency in cryptocurrencies or other digital assets as they are core to our business. 
  • Community talks, certifications, and/or blog posts on your interests and research.
  • Open source project contributions of any kind, such as tools developed to solve specific problems you’ve had or fixing issues on existing projects.

Importantly, if you’re looking for a senior role with us, you will have achieved many of the things above while also teaching others, influencing your team and organisation, and maybe even sharing your journey and knowledge publicly.

What we have to offer you:

  • An amazing work environment in a company that continues to grow, driven by extraordinary and passionate people who keep innovating and challenging more each day.
  • An international team, in a cutting edge field, working on the most fascinating projects.
  • Growth and career opportunities, and the chance to be proactive and creative.
  • A flexible and enthusiastic work environment that offers you snacks, a lot of coffee and other great benefits.
  • Open and transparent culture – we get together on a weekly basis to share updates, strategic plans, and engage with each other informally over food and drinks.
  • Interesting events that keep you connected with the team and celebrate our success.

Be part of a great company that is revolutionizing financial services. Apply now!

EEOC Employer

We’re proud to be an Equal Opportunity Employer and we celebrate our employees’ differences, including race, color, religion, gender identity, national origin, age, military service eligibility, veteran status, sexual orientation, marital status, disability, and any other protected classes. Difference makes us better.