Security Engineer (Application)



New York, NY, USA
Posted on Monday, June 27, 2022
Our mission is to bring blockchain to a billion people. The Alchemy Platform is a world class developer platform designed to make building on the blockchain easy. We've built leading infrastructure in the space, powering over $105 billion in transactions for tens of millions of users in 99% of countries worldwide.
The Alchemy team draws from decades of deep expertise in massively scalable infrastructure, AI, and blockchain from leadership roles at leading companies and universities like Google, Microsoft, Facebook, Stanford, and MIT.
Alchemy recently raised a Series C1 at a $10.2B valuation led by Lightspeed and Silver Lake. Previously, Alchemy raised from a16z, Coatue, Addition, Stanford University, Coinbase, the Chairman of Google, Charles Schwab, and the founders and executives of leading organizations.
Alchemy powers the top blockchain companies globally and has been featured in TechCrunch, Forbes, Bloomberg, and elsewhere.

The Role

Our mission is to bring blockchain to a billion people. That's a lot of software to cover. As an application security engineer at Alchemy, you'll be hardening one of the most sophisticated and high-throughput distributed systems in the blockchain world. You'll focus on designing, building, and deploying application security tools to protect our platform.


  • Perform dynamic application security testing (DAST) on Alchemy products
  • Perform static analysis (SAST) of the Alchemy code base
  • Discover, prioritize, and remediate technical risks on features, products, infrastructure, and acquisitions
  • Perform threat modeling on existing and upcoming features and releases
  • Develop and own best practices for application security, development, and deployment
  • Identify and assess vulnerabilities stemming from third party dependencies.
  • Identify opportunities to improve existing practices and uphold Alchemy's high technical quality bar
  • Debug production issues across services and multiple levels of the stack
  • Collaborate with other engineers, PMs, and designers

What We're Looking For:

  • 5+ years of relevant industry experience in security or operations
  • Deep understanding of web security, TLS/SSL, web authentication, and applied cryptography
  • Experience with industry standard threat models and security tooling
  • Experience with AWS technologies is a plus
  • Experience with production distributed systems, web applications, and microservice architecture
  • Proven track record securing highly available and highly scalable systems
  • Self-starter attitude and the ability to execute new ideas with autonomy
  • Experience working with startups
  • Experience working in Web3
  • A hustler mentality, founding a company or building side projects is a plus!